I don't like Browser ID, OpenID, Oauth solutions because I can put a form on a page that looks just like one, get your pass, and then look at which sites you have cookies for and instantly know which sites I have your User/Pass for.
Unified login might be fine for protecting your Facebook... but SOME COMPANY I won't say who but it rhymes with Moogle. Recently unified my logins so where I used to have a Password for my Mail, a Password for my YouTube, a Password for my Adsense, and a Password for Adwords. Today if you hack my Plus account you could spend $100k on adwords against your website, making me poorer, and you richer. Unified Login is for convenience not security. You might as well guard your site with a note that says "do not hack me it isn't nice" -Brandon -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Jeff Schnitzer Sent: Monday, January 02, 2012 11:26 AM To: [email protected] Subject: Re: [google-appengine] Re: OT: Doing It Wrong On Mon, Jan 2, 2012 at 11:11 AM, Paul <[email protected]> wrote: > While we are at it - what would you suggest to be a most efficient > solution on App Engine? Is bcrypt too heavy? My advice is not to bother with all that crap. Use BrowserID anywhere you would use a username/pw instead. I recently replaced the local username/pw part of my dual-auth system (FB being the other) with BrowserID. The user experience is way better than any other local auth system I've seen, including ours - which was pretty damn nice. http://www.browserid.org/ Jeff -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
