Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
@Floydian I actually don't think they planned it just for that, but rather for just spreading themselves further around the web for "easier login", since "everybody has a facebook account" - but it turned out to be a much more versatile tool for them, to now keep people in
-
Yeah I never used facebook sso, and any website I seen that uses only facebook isn't worth signing up on in my opinion. most atleast support google sso with it but google isn't any better.
But as far as I see if someone drops their Facebook and can't access a site, good. it was people's inability to think ahead that screwed them in the first place with Facebook so if it screws them over enough times maybe a few of them will use their heads for more then a fucking hat rack -
@Condor
>>(I used their password manager once, migration to something else when the trial ended was so difficult!)
Might have changed since, because when I tried it was super easy to just export them all into a csv and then import into any other password manager, bitwarden supports them also iirc
>>The problem that I have with this however and that oAuth providers like Facebook and Google solve, is that small websites (and even some larger ones) store passwords insecurely.
>>So I use my Google account for that - to make sure that all they get is a token.
(cont.) -
@Condor
You're addressing actually something that I haven't even yet explored the option for, I just was always against "log in with", because I never wanted everything to be connected back to me, like a full list, the thought of it just gives me a cold down my back, but it's an interesting way of using them, though you might have to consider just using some random generated and stored password, over all those token logins, check out bitwarden for example, it's free, open source, syncs all your devices etc. - and even if they store it plain, you won't care a rats ass, because its unique and generated just for that site -
@PerfectAsshole
I disagree, many websites make it terribly hard to sign up with your email and advertise all those SSOs as the more simple way of signing up, making them the much more catchy CTA buttons and email sign ups almost always stashed away towards the bottom or a barely readable lightgray font, not even a button
Facebook is to blame for locking in people and should be now taken to action, so they offer some sort of feature (though quite difficult, I can't really imagine much options, if any - besides directly working together with everybody who uses facebook logins via general message to all who load those resources onto the website) which would take care of migrating from a facebook login to a normal one in some way -
@Condor I can see how that second layer can add great protection for sure, but doesn't aliexpress for example offer 2fa too? so they would need email, password and your 2fa access, which has similar results but is not tied to google nor facebook? correct me if I am wrong, but I think I had 2fa activated on aliexpress (or was it alibaba?..)
-
@JoshBent I'm not surprised as long as we both have been on devRant I don't remember anything we both have agreed on haha.
I've always believed security is based on a user's decisions, in the case of cambridge analytica facebook users ignored the app permissions for a dumbass app and had their data stolen. I don't blame facebook for that cause that was between the user being a dumbass and Cambridge Analytica misusing the information it asked for. what I blame facebook on is that it didn't do anything proactive when the first found out about it along with their data mining policies which means even if you don't have an account they still have messages from you if you know someone that has facebook on their phone. -
@JoshBent sorry went on a little rant and forgot the main part I was going to say.
if a site makes it hard to sign in without needing facebook it's a badly designed website and as long as it's being used it's not going to be fixed unless people stop using them, so what I said about them not needing to be used is correct -
donuts238487yI use Google but depends how important it is. Is I really want to keep it, I always use email though technically email is the same. If you delete the account...
-
@PerfectAsshole heh, might be, I didnt actively try to disagree 😄
Regarding cambridge analytica: you're missing the information, that only like 300 people signed up to do that freelancing job and from there it was a spreading virus that grabbed/scraped all the data from all friends and subfriends, depending on the settings set - which were fully allowing most of the time, because of facebooks defaults, so yet again, it was mostly people affected that didn't even trust any app, thats why it blew so much up.
The poorly designed websites are actually well thought out and based on marketing strategies, things like airbnb etc. have a huge user base and makes use of such tricks for example - people that are dependent on it, mostly sign in through their mobile, where basically the email sign up is non visible until scrolled iirc - and in a mobile app you don't see that you can scroll, so yet again I would say its the fault of the creators for being so driven by pushing those SSOs.
I am just very careful in general with blaming users that got leaked, attacked etc. because I often can see friends probably falling onto those simple tricks, simple people do simple mistakes, thats what gets abused by those bigger companies, designs, marketing strategies etc. -
@Bitwise damn, that sucks, its usually a lot of work to train your spotify account to know what you like and save music you found
@billgates if you mean the google email, yeah, same thing in the end
@rEaL-jAsE maybe just in case check the apps page, to not bite your ass later on 😉 -
donuts238487y@JoshBent well I mean anything you bind stuff to like email, phone #, classes/interfaces...
Related Rants
With the movement of people recently deleting their facebook accounts, this actually covers a valid concern I didn't even think of, since I personally don't use that feature at all, nor have I ever used it.
People that used the "login with facebook" a lot, especially with websites that exclusively use it, will flush not only their facebook account doing that, but also all accounts they have ever used to log in with facebook, if not actually thought as far as checking the apps section of facebook and trying to migrate your account, which is also rarely possible.
So basically many people that do use it, simply won't delete their facebook account, because it has this backup parachute attached with its strings, that does not allow for an easy exit, except for literally ripping it all out and losing every account it seems.
Ignore dashlanes self advertisement bullshit at the bottom, the blog itself is still highly valuable in itself.
Source: https://blog.dashlane.com/delete-fa...
rant
login with facebook
delete
facebook