We have all heard of the leaks major corporations can have, yet we hear nothing at all about the 30 million cyber attacks each year.
This leads us developers to get cold feet when it comes to storing users' sensitive data.
Personally, I have started using gems such as OmniAuth and forcing users to use their provider of choice as the secure entry point into my own application.
Why spend time and resources storing their sensitive information when we can authenticate them via a third-party application (one that has most likely spent more time and money keeping its users safe)?
Thus coming to my conclusion...
All we need is a user's email, their third-party login of choice, and the UID returned from said third party.
- Fully authenticated user
- We get more information than a user would have to input themselves
- No blame on you if a third-party has compromised passwords
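
One way to store only what is listed above (email, provider, and the returned UID), as an added example that is not the author's code. The `IdentityStore` class and the sample hashes are hypothetical and constructed; the hash shape follows the auth hash OmniAuth hands to the callback, and the in-memory hash stands in for a users table.

```ruby
# Added example: in-memory stand-in for a users table (hypothetical names).
# Auth hashes mirror OmniAuth's callback hash: "provider", "uid",
# "info" => { "email" => ... }. All values below are constructed.
class IdentityStore
  User = Struct.new(:id, :provider, :uid, :email)

  class InvalidAuth < StandardError; end

  def initialize
    @users = {}   # [provider, uid] => User
    @next_id = 1
  end

  # Find or create a user from a provider callback hash.
  # The lookup key is (provider, uid), the provider's stable identifier.
  # Email is stored as an attribute only and never used to match accounts,
  # because two providers can report the same address for different people.
  def from_auth(auth)
    provider = auth["provider"].to_s.strip
    uid      = auth["uid"].to_s.strip
    email    = auth.dig("info", "email").to_s.strip.downcase
    raise InvalidAuth, "provider and uid are required" if provider.empty? || uid.empty?

    key  = [provider, uid]
    user = @users[key]
    if user
      user.email = email unless email.empty? # refresh email, identity unchanged
    else
      user = User.new(@next_id, provider, uid, email)
      @users[key] = user
      @next_id += 1
    end
    user
  end

  def count
    @users.size
  end
end

# Constructed sample callbacks: same uid and email, different providers.
SAMPLE_GITHUB = { "provider" => "github", "uid" => "1001",
                  "info" => { "email" => "Dev@Example.com" } }.freeze
SAMPLE_GOOGLE = { "provider" => "google_oauth2", "uid" => "1001",
                  "info" => { "email" => "dev@example.com" } }.freeze
```

No password column exists anywhere in this record, and a repeat login from the same provider resolves to the same user while the same email arriving from a different provider does not.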
What are your thoughts on this matter?
- Do you prefer using third-party authentication systems for your applications?
- Do you disagree with me and think we should still be storing users' sensitive passwords?
- How do you go about securing your application users' data?