• Zak@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    1
    ·
    1 year ago

    the fucking Google authentication app and how it’s tied into stuff like Discord

    The one that implements the open standard TOTP that has a bunch of open source implementations?

    • Jramskov
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      You don’t have to use the Google Authentication app for 2FA/MFA.

    • Aceticon@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      1 year ago

      Now I’m really happy that all the way back in the late 90s I learned as a software professional that depending on a 3rd party for anything essential is highly likely to eventually come around and bit you.

      So when the whole Single Sign-On (via Google, Facebook and so on) bollocks started becoming fashionable over a decade ago I just saw it as a single-point-of-failure dependency on a provider and avoided it.

      Ditto with Gmail - I’ve been renting my own domain with e-mail service included for almost two decades exactly because my ultimate dependency on that service is a national DNS Registar (not even the provider as I can just move over my domain and e-mail archive to another one) which can’t just turn around and screw customers because they’re the very same one on which massive companies depend for the proper working of everything linked to the domain names (thinks banks depending on them for customers reaching their website and e-mailing them).

      I highly recommend the practice on thinking “how critical is this for me” and “what would happen if these people went bankrupt or changed their minds” when you’re considering getting into a situation were there is a continuous dependency on some external 3rd party provider (this is also why Software As A Service can be a really bad idea versus just buying the bloody software if you’re using it regularly and data that you might need for years is stuck in their system with no chance of exporting it).

      Absolutelly: need to use something once or twice, it’s fine, but for everyday life or as a requirement for your business operations, depending on an external actor from which you can’t easilly switch and who doesn’t have some kind of iron-clad tight legal contract with you that includes stiff monetary penalties for non compliance (and, even then, they might just go bankrupt) is a pretty risky choice.