What do people think of services like https://www.loginprompt.com/? (provides logins as a service for your startup)
Isn't this sort of security something we wish we didn't have to learn? And for people who don't take the time maybe it's best to let a third-party handle it.
> Isn't this sort of security something we wish we didn't have to learn?
Absolutely. Time spent on your auth scheme is time you're not spending on building your product. (And half-assing your auth scheme generally comes back to bite people.)
That said, outsourcing it to a centralized provider may not be the best idea for business, user, or security reasons. So it's a balance.
Of course, I'm biased: I work on the Persona team at Mozilla, where we're trying to build a simple, secure, fully decentralized, and open source authentication system that fits that niche rather nicely, but the points above stand: you have to figure out the opportunity cost of your chosen solution. There's no universal answer.
100% agree with you. I love the concept of Persona, but it has a serious cold-start problem. If I could implement it and nothing else on my site, I would, but unfortunately the reality today is that most users don't know it.
Isn't this sort of security something we wish we didn't have to learn? And for people who don't take the time maybe it's best to let a third-party handle it.