Stories
Slash Boxes
Comments

SoylentNews is people

Ask Soylent: 3rd Party Authenticators

posted by martyb on Saturday August 08 2015, @12:54PM   Printer-friendly
from the 867-5309 dept.

mechanicjay writes:

I recently had a spirited discussion with someone about authenticating to various websites. I personally take the approach of making an explicit new identity for every service I sign up for — local logins only. I never user a "Social" login like twitter/facebook/google, etc to access a site.

My reasoning is:

  1. It's a little harder to track my movements across the web; less data for the big players to crunch has to be beneficial in some way.
  2. When a data breach occurs, it limits my exposure to the breached entity. With the thought that, if the place you use as your only Authenticator for all websites get's compromised, what kind of exposure does that entail?

For some background, I'm a ten year professional in Web Infrastructure, with Identity and Access Management making up a decent part of what I do. After pretty much being called an irresponsible professional and told that no identity information will leak due to the way OAUTH works, I thought I'd throw the question out to the community to get a feel for how you handle accounts to different websites, as well as the inherent tracking and security concerns thereof.

Bytram noted that we had a discussion on a similar topic a while back: Personal Privacy in a Surveillance World -- How Important is it? - SoylentNews

Original Submission

 
This discussion has been archived. No new comments can be posted.
Ask Soylent: 3rd Party Authenticators | Log In/Create an Account | Top | 22 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Informative) by Nuke on Saturday August 08 2015, @07:11PM

    by Nuke (3162) on Saturday August 08 2015, @07:11PM (#219953)

    Can't believe anyone would want to authenticate to, fer example, Soylent News using their Yahoo/Google/Facebook/whatever information. Why link accounts?

    Lots of sites, particularly blogs and small specialised sites, just will not let you register to make comments or place queries without authentication from a major "social" site or specialised authenticator - Disqus keeps cropping up. I usually move on.

    Starting Score:    1  point
    Moderation   +1  
       Informative=1, Total=1
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3  

  • (Score: 2) by Hairyfeet on Sunday August 09 2015, @01:20AM

    by Hairyfeet (75) <bassbeast1968NO@SPAMgmail.com> on Sunday August 09 2015, @01:20AM (#220081) Journal

    Well its not a problem for me, because my FB? Its my shit account. I don't use my FB for shit, the only info it has is shit, and the only people I have as friends are ones i don't give a rat's ass about. So why would I care if some website learns about people I hate that do things I don't care about and which has less info on me than your average /. profile? Knock themselves out.

    --
    ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.

    • (Score: 0) by Anonymous Coward on Sunday August 09 2015, @06:55PM

      by Anonymous Coward on Sunday August 09 2015, @06:55PM (#220353)

      So how do you really feel?...

      (Not that I disagree, FB is apparently designed on the hazing/Stockholm principle. Make everyone suffer so that they feel devoted towards the cause of their punishment. It just make me want to kick Zuckerberg in the nuts)