Posts: 105
Threads: 28
Joined: May 2015
Reputation:
0
Hello, I'm making a website and I'm wondering if it is a good idea to only let people sign up with their ******/github account.
I think it will be much safer and easier for the users and for me.
Are there any cons to it? Do some people prefer signing up with email & password?
Edit: The users I'm targeting are mainly going to be programmers, so they probably have ******/github.
Posts: 701
Threads: 7
Joined: Feb 2017
Reputation:
0
Not everyone has a github or ****** account. And some of them prefer to have all their accounts separatedly.
However I do find it more secure than the common sign up system.
Posts: 3,133
Threads: 71
Joined: Dec 2013
Reputation:
0
There's definitely pros and cons to that. One of the main pros are: security and constant maintance on ******/GitHub/whatevers end, you can expect it to be mostly secure; less work for you, implement the API and you're done. Cons: you don't have access to their data like you would maintaining a database, you can't easily reset their password if they lose that account (you'd have to change the account the data is associated with completely). It's less freedom basically, although similarly with pros, not having data means that their data is secured in the case your own system/database is breached.
Posts: 388
Threads: 18
Joined: Apr 2011
Reputation:
0
Most steam gaming communities use Steam Login, it's a convenient option since it's easier for user to sign up. I am not sure how ****** would turn out but it would be definitely easier for users to sign up with instead of having them enter everything.
Posts: 293
Threads: 20
Joined: Jan 2017
I like your idea... can be made using this schema:
- Create a unique PHP login page containing ****** ( any social media ) auth
- Give te user a secret key after register ( or login ) to use in server before 2mins time ends
- When user's logged in successfully, kill the timer and so secret key will expire
- Save his current ip so if he time out ( or gets kicked accidently ) can go back to server without doing same operation again, would be annoying
- The database will only have the auth key... no passwords. so even if you give someone the auth keys, they won't crack anything!
Posts: 105
Threads: 28
Joined: May 2015
Reputation:
0
What would be a good solution if someone lost access to their ******/github account?
Posts: 4,878
Threads: 85
Joined: Jun 2007
Reputation:
0
I dont use external logins at all, because ******, ********, etc dont need even more data about my used websites.
Dont know if there are many people who think the same way though.
Posts: 6,242
Threads: 8
Joined: Jun 2008
I do indeed rather keeping my accounts seperate, and I also prefer to keep my main accounts away from any third parties...
End up having spam, and other crap turn up if I don't.
My throwaway email is LITTERED with spam...
