re: Okta vulnerability, grumbling about security
@Scmbradley Oh, certainly, and this holds true in that case. But in the past few years it's become a bit of a Thing for people in tech circles to say "authentication is too hard to get right, you should outsource it", which ignores that a) this is outsourcing to a company, not a library, which has wildly different consequences, b) none of these companies are actually competent or trustworthy, and c) you're more likely to fuck up the integration with their (usually overly complex) system than you are to fuck up a simple "hash the password" implementation.
re: Okta vulnerability, grumbling about security
@Scmbradley Probably nothing illustrates this better than Stormpath, a now-acquired "security and authentication company" that published an article about JWTs, half of which was outright factually incorrect and would never pass even cursory review by a security expert.