Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> Authentication is hard.

No, it’s not.

It’s certainly not harder or more complicated than the OAuth protocol used support Google-based sign-in.

Exactly what unique value do you believe these big companies bring, exactly?



It actually is very hard. There’s a long tail of concerns that make it difficult to do authentication as well as a major player in the space.


What exactly about it is hard?


The part where you guarantee to your users that the person you authenticated is who they seem to be. In this particular example: "Is this invoice I'm about to pay for the service I purchased, or is it fraud?"

Farming that responsibility off to Google or Facebook and letting them handle the edge cases (for free, I might add) has genuine security value.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: