Some black guy joined in and replied with this 4 days ago, 5 minutes later[^][v]#1,413,600
Well if you care about your privacy, we didn’t know you used pornhub until you told us.
On a more serious note, it’s because people have been spreading the idea that programming your own user authentication is some dangerous thing you shouldn’t do. They’re not completely wrong about that, there are still a lot of Stack overflow solutions that recommend using MD5 to hash passwords (never ever do that).
Between vibe coding, no code, and "you don’t even need to go to college bro Elon Musk said so even though all his job postings say BS at minimum required" you kinda do still need somebody who actually knows what they’re doing who’s actually competent enough to build the thing themselves. Otherwise everything is going to be built on google something logins.
Also, like… if you are a good programmer… you really wanna tell people you work at pornhub of all places? That probably has something to do with it. I assume cybersecurity experts want to work at Microsoft or Apple or Google or for the government or something that sounds cool / brag worthy.
Anonymous D joined in and replied with this 4 days ago, 1 hour later, 2 hours after the original post[^][v]#1,413,616
@1,413,600 (Some black guy)
It's less that it's dangerous, these days there are lots of well documented, strictly maintained libraries for exactly that purpose. It's mainly for convenience, for both the devs and the users. It's easier for everyone to use an existing system for authentication. As much as I hate the increasing centralization of the internet, I do find myself occasionally seduced by the convenience of logging in with an account I already have.
Some black guy joined in and replied with this 4 days ago, 1 minute later, 2 hours after the original post[^][v]#1,413,617
@previous (D)
I wasn’t really arguing that it’s dangerous, I’m just arguing it’s dangerous if you don’t know what you’re doing, but it feels like there’s a movement where people simultaneously want to complain that everybody is unqualified while also being against people getting qualified at the same time, like that’s not a catch 22.
tteh !MemesToDNA joined in and replied with this 4 days ago, 5 minutes later, 2 hours after the original post[^][v]#1,413,619
@1,413,600 (Some black guy)
I broadly agree with this (i.e. that it's not inherently a terrible idea) with the caveat that implementing your own encryption (not to imply you're suggesting that, but often people who decide to do their own auth decide to roll their own crypto) is a monstrously bad idea, to the point that it's become a meme in the industry ("don't roll your own crypto" was already a mantra when I started my career 15 years ago, to be fair).