
Centralized authentication puts all your eggs in one basket, while password manager splits risk by not sharing passwords across use-cases.

That said, I don't see why you shouldn't do both.



Password managers also put all your eggs in one basket: the master password to your PM!

There is after all a reason that it’s called 1Password!


Sure, which is why I would argue it isn't wise to put that basket online.

I also would enable MFA for any high value targets, so that a password leak alone wouldn't ruin you.


How would you do both, in this case? Either you create accounts per site, or use SSO, no?


Use SSO for low-value sites, things where you wouldn't be affected severely if you lost access to the account.

For high-value targets, create a stand-alone account, put the password in a password manager (preferably offline) and enable MFA. If MFA isn't supported, I would choose another provider if it is really high-value.



