Show threadVincent Sparks 🔜 FurlingameOct 23

@raccoon this is a good meme and all, but is terrible cybersecurity practice

as a programmer, i do NOT want to store your password. that is WAY too easy to do slightly wrong in a way that will leave everyone vulnerable if i ever experience a data breach and is definitely something best left to the professionals, like google and github and whatnot. they let you log in through their website, they store your password using their billions of dollars of infrastructure that they use to keep passwords safe that i do not have, and they pass me an auth token, which if it gets leaked in a data breach, is pretty much useless outside of my website. also, if you want to delete your account from my website, you don't even have to go to my website, you can just log into google's OAuth management system and say "i don't want to be associated with this website anymore" and it'll zap the OAuth key and unless i kept your email address i won't be able to interact with you at all anymore.

Show threadSkjeggtroll

@AVincentInSpace @raccoon

"but is terrible cybersecurity practice"

That depends on what I'm trying to protect. If I'm trying to protect my account on your specific webpage then it's not ideal, no, but if I'm trying to protect my overalll privacy and identity across the Internet in general, then it's still the best option.

Dec 30 at 11:13amWeb