SoylentNews

mechanicjay [{jason} {at} {smbfc.net}] writes:

I recently had a spirited discussion with someone about authenticating to various websites. I personally take the approach of making an explicit new identity for every service I sign up for -- local logins only. I never user a "Social" login like twitter/facebook/google, etc to access a site.

My reasoning is that 1) It's a little harder to track my movements across the web, less data for the big players to crunch, has to be beneficial in some way. 2) When a data breach occurs, it limits my exposure to the breached entity. With the thought that, if the place you use as your only Authenticator for all websites get's compromised -- what kind of exposure does that entail?

For some background, I'm a ten year professional in Web Infrastructure, with Identity and Access Management making up a decent part of what I do. After pretty much being called an irresponsible professional and told that no identity information will leak due to the way OAUTH works I thought I'd throw the question out to the community to get a feel for how you handle accounts to different websites, the inherent tracking and security concerns there of.

Bytram noted that we had a discussion on a similar topic a while back: " rel="url2html-20823">https://soylentnews.org/article.pl?sid=15/04/17/0318247

Original Submission