After Apple added Twitter authentication in iOS 5, iOS 6 will do the same for Facebook.
While some may think this is just another Silicon Valley partnership thingie, I actually think it's a big deal, even in an enterprise context. And it's not about pressing LIKE on an app. Read on.
We recently had to discuss several password leaks from sites like LinkedIn, eHarmony and last.fm. I think everyone is perfectly clear that it's not a good idea to either use weak passwords or re-use the same password over and over again.
But still, if you're really, really honest with yourself you'll have to admit that you're doing it. And probably not only once. One of the worst offenders is often the enterprise environment, where you'll have countless passwords to manage, sometimes (always?) with incoherent password policies. The different requirements, coupled with weird change frequencies, may drive you to re-use passwords, often simple ones, to make life bearable. And insecure.
This is where the Twitter and Facebook integration comes in. Both sites support an authentication method called "OAUTH" which allows you to sign into another site (which needs to implement support for OAUTH - see documentation from Twitter and Facebook) with your Twitter or Facebook credentials. Google also supports OAUTH for lots of sites.
Here's a rough description of how it works:
Why's that a good thing? Let me count the ways:
So, why is this a good thing in iOS specifically? Coming back to my opening paragraph, it's quite easy to enter a long complex password _once_ in the Twitter and Facebook settings in iOS, then every iOS app supporting OAUTH should be able to ask for your permission without you having to re-enter a password. This makes it A LOT easier to sustain good passwords. If every new app requires you to manually type in a password you'll be tempted to resort to something you can easily remember, which is kinda counter-productive.
And the enterprise implications? Sorry, we're not there yet. One reason is that your employer will probably not allow you to log in to your ERP system using your Facebook login. But what if a more enterprisey OAUTH provider allowed you to do that? With the growing number of mobile applications that might be an important mechanism to secure authentication for mobile enterprise services.
What is your experience with mobile apps and passwords? Are you already using the integrated OAUTH mechanisms? What if you could log in to SCN with your Twitter ID? (just thinking...)