Thursday, August 18, 2011

Outsourced Authentication – Smart or Dumb?

A couple of months ago I closed my Facebook account, partly because of the continual privacy abuse by Facebook, but mostly because of what I thought was poor tooling for managing my social graph and timeline.

Since that point I’ve noticed more and more companies outsourcing their authentication mechanism to Facebook. Smart or dumb? Smart, because you’ve offloaded a password database that you can’t lose or have compromised, although you still have a client database that can. Dumb, because you’ve lost a prospect or customer like me.

If you’re going to outsource authentication it might be an idea to use OpenID instead. OpenID Explained is a good site to understand how OpenID operates. It’s worth noting that most of the major Web players are already OpenID Providers. If you don’t have an existing account with an OpenID Provider, then MyOpenID is a good place to start.

1 comment:

Lewis said...

Smart, because you can then interact with people's FB more easily. Dumb, because you're missing the opportunity to build a db you can spam