Ryan Markel

HIT/MISS RATIO: 46.8%


Tag Archives: web apps

Logins: Roll Your Own

Aug 6

We know now that Mat Honan’s account compromise was due to bad policy at Apple for allowing account access, but this bit from Daniel Jalkut’s post about the situation holds true regardless:

One way to protect yourself is by declining to delegate authentication to third parties. When enrolling in a new service that offers Twitter or Facebook authentication, I usually go through the nuisance of creating a new account instead. That way I can choose a unique passphrase, and store that in my keychain. I prefer this to allowing numerous items to be implicitly added to my Twitter or Facebook “keychain.” Don’t put all your eggs in one basket, as they say. (Well, that’s what I’m doing with my keychain, but I am empowered to personally protect it and to back it up as I see fit.)

This is a strong argument against permitting multiple login “vectors” from social services to your web service. It’s a good idea to permit connecting to these services so your service can leverage things like contacts and posting access, but a bad idea to permit authentication from these services.

And you should never use the same password twice across services. The last.fm/LinkedIn password craziness should have taught everyone that.

1 Comment Posted in Markel! Tagged Facebook, login, passwords, security, Twitter, web apps
