unified login between different websites that isn't facebook/twitter/google

Started by strongbad, October 25, 2015, 03:45:23 AM

previous topic - next topic

0 Members and 1 Guest are viewing this topic.

Go Down

strongbad

I LOVE the idea of "sign in with facebook" because it is very tedious to have different accounts across every website, having to enter and maintain the same information across the board, but I HATE linking something personal like facebook to something that I would rather not affiliate with my personal life e.g. boyah/pornhub/reddit. also, having to maintain multiple secure passwords across different sites is a huge nusance, and i think it would be far superior to have one very secure password than many insecure ones that are easy to remember. however, the tradeoff would be that you'd be fucked if someone figured out your one password

does anything like this exist? i dont really know how it would without websites already having the architecture for it, which is a shame.

kind of just brainstorming but id like to know what you guys think.

bluaki

Yes, there is a standard like you described and it's called OpenID Connect. Google is one provider for it, but a lot of sites also support logging in with arbitrary non-Google OpenID providers if you look for it; I believe StackOverflow is one notable example that actually makes this very clear to the users.

I don't know exactly how Facebook and Twitter implement their unified login systems (I'd expect Facebook to be least trustworthy of the three), but Google's sign in system doesn't leak too much.

[spoiler=Details of Sign in with Google]When you "Sign in with Google" on a site, generally:
* Google knows: That you use that site, but no details about what you do on that site
* Your Google contacts and other Google/G+ users know: Nothing new
* If Google turned totally evil and decided to ignore all laws: They'd be able to log in as you on that site
* The site knows: Your Google email address and anything else Google shows you on the account connection page, which might sometimes include at most "basic profile info", which includes:
** Full name and nickname
** Language
** If you use G+: profile picture, profile link, all your profile fields that have "public" visibility

Google also has support for "connected apps" that do pretty much anything else with your account, from email, calendar, contacts, Google Drive files, YouTube, Google Play, Google Wallet, etc. Logging into those works the same as the minimal "Sign in with Google" stuff, but Google shows you all the account connections the app requests.
For example:
* Android itself (with Google Play Services) requests access to everything
* Some third-party email clients can link to your Google email and calendar
* Newegg, Humble Bundle, etc. can use Google Wallet instead of Paypal to complete purchases
* Some Android games can use your Google Play Games profile (achievements, etc.)
* Disney Movies Anywhere can sync your library of Disney movies to and from Google Play Movies (they do the same with iTunes and Amazon)
* See https://security.google.com/settings/security/permissions for a list of things you've used[/spoiler]

strongbad

i was hoping that you would reply, bluaki lol
all good information thank you for the comment.

wonder how soon it'll be until you have to "sign in" to use the internet as a whole

Daddy

OpenID, OAuth, Facebook/Twitter connect, various SSO (ADFS, Kerboros, SAML), and such are becoming more popular due to ease of login for the user. makes it suck for the admin though lol

Google's sign in is based on OAuth.  I had played around with OpenID on Boyah in the past but it was a bit fucky so I disabled it.

also a workaround for things like Unified accounts are "app specific" passwords. So you'd sign into each account using your unified/SSO login and then give each program a unique password that may be weaker (lots of google apps support this already).

Two factor auth (Google Auth, Duo,  Authy, etc) helps to bolster this.


I had to sit in on a SSO project over the summer and oh god fuck ADFS.

snoorkel

im interested in this because i want to allow customers to instant signup with their existing account.

my favorite account for SSO is my Microsoft account lol

Daddy

Quote from: infinite luxury on October 26, 2015, 11:03:42 AM
im interested in this because i want to allow customers to instant signup with their existing account.

hmu and i can see if i can help.

i need financessssssss

Credentials: I was on a project to implement SSO using ADFS to authenticate to Office365 and HBO Go.

snoorkel

Quote from: Khadafi on October 27, 2015, 08:32:55 AM
Quote from: infinite luxury on October 26, 2015, 11:03:42 AM
im interested in this because i want to allow customers to instant signup with their existing account.

hmu and i can see if i can help.

i need financessssssss

Credentials: I was on a project to implement SSO using ADFS to authenticate to Office365 and HBO Go.


sure let's do it, i'll let you know

silvertone


Go Up