[outages] facebook slow

valdis.kletnieks at vt.edu valdis.kletnieks at vt.edu
Fri Nov 30 21:12:27 UTC 2018

On Fri, 30 Nov 2018 13:16:31 -0700, "Keith Medcalf" said:
> Why don't you just write all your password on big sheets of construction
> paper and put them on the front of the building or in the nearest Starbucks?

I'm going to go out on a limb and say that with all the problems inherent in
using a social media account as an authenticator, for 95% of sites it's still
more secure than if they attempted to create their own authentication system.
Having even less security expertise than Facebook, they will probably get wrong
(possibly in a subtle fashion that gets quietly exploited for years, and
possibly in a spectacular fashion that makes it on the evening news).

There's the additional factor that security is always about trade-offs - for
many sites, the dangers of using social media logins are *far* outweighed
by being able to just have a big shiny "Log in using Facebook" button instead
of making the user set up an account, pick a password, send them a verification
e-mail, then they have to read their e-mail and click on the link.  Do that, and
they just left for another site.  Doesn't take many people leaving for another
site before any added "security" added by doing authentication yourself is
outweighed by lost traffic.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 486 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20181130/f3dff9bd/attachment.sig>

More information about the NANOG mailing list