• Brkdncr@sh.itjust.works
    link
    fedilink
    arrow-up
    0
    ·
    11 months ago

    This is bad advice. Federated identity and oauth are great tools. You need to use the right identity provider.

    When some random website gets hacked and has its authentication database dumped your credentials won’t be in there.

    You can see what a website has access too from your identity provider.

    It’s federation. It’s a trust model. Like the fediverse.

    • thesmokingman@programming.dev
      link
      fedilink
      arrow-up
      0
      ·
      11 months ago

      The biggest reason not to use a single account like this is that you lose everything if you lose the owning account. It’s bad advice to say you should absolutely do one or the other. It’s good advice to consider the risks.

        • thesmokingman@programming.dev
          link
          fedilink
          arrow-up
          0
          ·
          11 months ago

          Do I use an aliasing service that allows me to change the account emails point to? Yes. Can I access those accounts with access to my email? Yes.

          The issue here is that if you lose access to social network that logs you into those things, you lose the account. If you have an actual account, not delegated access, you can still access the account with the social account.

          I’m struggling to find some good article examples because Google is rolling out inactive account deletion and that’s polluting my search results. So go test this out yourself: go try to change the account name/email, password, or MFA for any of those accounts you use social auth for. Try figure out how you would log into without that social account. Next do the same thing with an account you don’t use social auth for.

          • Pantherina@feddit.de
            link
            fedilink
            arrow-up
            0
            ·
            11 months ago

            Same but this basically puts all the trust in your mail provider which also sucks.

            We should have logins with security keys and/or local biometric unlocking. I think that would already increase security and ease of use a lot. But these things are so expensive and not well supported yet