Discussion on: A Guide to Securing Node.js Applications

Andrei Dascalu

Unless you mean biometrics, I don't see how that goes. Social login means the password is handled by Facebook. But it's still a password, just somewhere else, incidentally with a bigger footprint, a bigger target both for hacking and phishing. I have nothing against providing social login as an alternative, just not as a replacement for a user password (with 2FA, maybe).
If there's a breach on their side, you can't do much except remove that provider.

Shahid Shaikh Author

Totally agreed.