Skip to:

Re: RPX + BuddyPress, what technical obstacles should we be aware of?

John James Jacoby


Everyone is always very quick to advertise the benefits of a single-sign on service, or a go-between to allow users to sign into your website using any number of different credentials, but there are a few major flaws with this idea, and they are going to become extremely apparent very soon.

The first MAJOR flaw I see in this design, is that all it takes is one website to put up password stealing/sniffing code, and now you’ve given your twitter password to anyone with access to the sites malicious intentions.

The second MAJOR flaw I see from a developers standpoint is that you as a site administrator no longer have control over the user data that is using your website. This means tracking down a problem user that creates an account with their facebook, you ban them, their google, you ban them, their open_id, you ban them, etc… That, along with the fact that these user registrations tend to add their own cryptic names into your database fields; now you’re forced to try to know who “fb8288373” really is, when had they registered the normal way, you could see they are “johnjamesjacoby.”

From a user perspective, I don’t plan on using Facebook for the rest of my life, so when I delete my account in a few years, that means I can no longer use your site without creating a new profile.

Also, if I’m logged into facebook on my computer, and close facebook, and then my girlfriend walks over to a site and clicks on facebook connect and continue, it logs her in as me because I am still logged into facebook. Now I’ve registered at a website that I didn’t want to register at, and I have no way to delete that account, and who knows what kind of information they’ve decided to store about me by this point…

Quite frankly, I can’t wait for this trend to die. It’s a headache waiting to turn into a brain tumor in my opinion. :)

Skip to toolbar