this post was submitted on 08 Jan 2024
2288 points (97.7% liked)

Technology

59298 readers
4773 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 10 months ago (2 children)

the fucking Google authentication app and how it's tied into stuff like Discord

The one that implements the open standard TOTP that has a bunch of open source implementations?

[–] [email protected] 1 points 10 months ago* (last edited 10 months ago)

Now I'm really happy that all the way back in the late 90s I learned as a software professional that depending on a 3rd party for anything essential is highly likely to eventually come around and bit you.

So when the whole Single Sign-On (via Google, Facebook and so on) bollocks started becoming fashionable over a decade ago I just saw it as a single-point-of-failure dependency on a provider and avoided it.

Ditto with Gmail - I've been renting my own domain with e-mail service included for almost two decades exactly because my ultimate dependency on that service is a national DNS Registar (not even the provider as I can just move over my domain and e-mail archive to another one) which can't just turn around and screw customers because they're the very same one on which massive companies depend for the proper working of everything linked to the domain names (thinks banks depending on them for customers reaching their website and e-mailing them).

I highly recommend the practice on thinking "how critical is this for me" and "what would happen if these people went bankrupt or changed their minds" when you're considering getting into a situation were there is a continuous dependency on some external 3rd party provider (this is also why Software As A Service can be a really bad idea versus just buying the bloody software if you're using it regularly and data that you might need for years is stuck in their system with no chance of exporting it).

Absolutelly: need to use something once or twice, it's fine, but for everyday life or as a requirement for your business operations, depending on an external actor from which you can't easilly switch and who doesn't have some kind of iron-clad tight legal contract with you that includes stiff monetary penalties for non compliance (and, even then, they might just go bankrupt) is a pretty risky choice.

[–] [email protected] 1 points 10 months ago

You don't have to use the Google Authentication app for 2FA/MFA.