Yahoo to End Facebook, Google Sign-In on Its Web Properties
recode.netIt's alright, Yahoo audience probably haven't heard of Facebook yet anyway. </sarcasm>
In all seriousness though, this is a good thing. FB login has become so prevalent, that not having it hurts more than it helps. At the same time, they used to change APIs so often, that keeping it working was a royal pain.
Although it's much easier to implement these days, especially with services like http://hull.io, it's yet another part of one's site/app to worry about.
Good for Yahoo!
Good! The less that people see Google and Facebook accounts as "Global Internet Identity Accounts", the better.
I disagree. The more people use Social login and the less people use their one shared password on all sites which tends to be "password1", the better.
It's a bit of an improvement. On the other hand, if that one account is hacked, it gives access to everything else as well. Moreover, you can even get a list of applications/sites tied to that account. Which makes it arguably even less secure.
If we want people to be safer, we should learn them how to use a password manager to generate a unique password for every site.
And since access to passwords requires two things (the password to the password manager and the password database), it's arguably more secure, even with a weak password.
I use Google Two-Factor authentication. I need my password, and my phone.
If I root your box, and watch you type, I have the password to your password manager, and the password database.
Arguably, if you root someone's box you could install a modified TLS stack that would allow for a MITM attack to capture the 2FA login flow. (But this would be obviously a little more difficult)
I have a friend that this happened to. I unfortunately cannot elaborate.
The user's single identity should be owned by the user and managed securely by the browser, not by Facebook or Google.
Why do you think users want to own their identities?
Users, when you ask them, want a service that handles the backup and synchronization of their identity between all their devices. Users don't want losing the device their keys are on to mean losing their identity. Users want to be able to join a new device to their identity by just entering their username and password on it. Users want to be able to enter those credentials on random public computers to be able to temporarily use their identity on those computers, then log out when done. And users don't care about the security implication of any of this.
Currently, given this set of use-cases, "identity providers" like Facebook and Google work perfectly for users. Password managers don't.
I didn't say that any existing technology would meet this need, but there ought to be a way for users to have convenience and privacy. There are ways of syncing data without revealing it to the data host (Firefox sync, Tarsnap, BT Sync, possibly AeroFS).
It's up to those of us who actually care about such things to give users what they want in a way that gives us what we want.
Like Mozilla Persona? I like it but I don't know how they can drive adoption to your average user.
> Still, I imagine the grand plan is to make Yahoo “cool enough” that people will actually want to use a Yahoo ID consistently. We’ll see how that one goes.
For what? as a consumer,what service Yahoo does offer that would make me want to get a yahoo id?
As a developper ,Yahoo has a few interesting services but that's it. Yahoo's shopping spree is over but it did not make it more relevant.
Yahoo runs many services that have traffic that most start-ups here would die for. Number one finance site,number one news site, huge fantasy sports, Flickr, Delicious, significant search traffic. People on HN tend to dismiss them but we are indeed talking one of the most trafficked websites on Earth. I would say there is more value having a Yahoo ID than most other sites due to how much they offer.
It's not popular but I think Yahoo Mail is way better than a lot of people give it credit for as well.
A brief bit of googling shows Yahoo mail has similar numbers of users as Hotmail and Gmail, somewhere between 200-400 millionish, hard numbers aren't often announced.
So it's popular, though has lost it's top spot.
Oh right, I guess meant "not trendy". I know it's pretty widely-used, but it unfortunately and unfairly tends to elicit the same response as when someone tells you they use AOL for their internet.
And Yahoo mail has taken over verizon mail, at least in some hubs.
Delicious left Big Purple long ago.
Yahoo has a good fantasy sports platform. They might be the leader there though espn may have passed them by now.
Under Marissa Mayer's watch, Yahoo has been investing tremendous effort in refining the UX on their web/mobile properties like Yahoo Weather [1], Flickr [2], and Yahoo Sports [3].
Seems like they're giving people a reason to use their products, and then making a play to have an OAuth-level relationship with the users. Maybe they want visibility into how a user authorizes third-party apps (FB gets an awful lot of insight from FB connect!) or maybe they just want to solidify their user lock-in.
Either way, I can't imagine they justified the engineering work for massive redesign on seemingly not-profitable properties like Weather/Flickr without having a solid long-term plan for how to capitalize on that.
[1] http://www.engadget.com/2013/08/15/yahoo-weather-android-red... [2] http://blog.flickr.net/en/2013/05/20/a-better-brighter-flick... [3] http://techcrunch.com/2014/01/03/yahoo-sports-gets-ios-7-red...
Under Marissa Mayer's watch, Yahoo has been investing tremendous effort in refining the UX on their web/mobile properties like Yahoo Weather [1], Flickr [2], and Yahoo Sports [3].
Actually, the recent changes made me quit Flickr. It's now an ugly mixture of new and old (especially if you use the organiser, etc.) and when you are logged in (which is likely when you use Flickr) you get an unremovable, ugly, purple Yahoo bar.
I was a paying user since 2009. Now Smugmug gets my (and my wife's) money.
The Flickr redesign has been the worst UI change I've ever seen on the web. I've been on Flickr since 2007 and really enjoyed its interface - much like reddit (pre- custom subreddit styles) it was clean and fast. Now it's ugly, confusing and very sluggish.
I really like the new Flickr, but I usually just use photo stream and sets.
FWIW, I have started to avoid Yahoo Sports since the redesign. The site is much slower and more difficult to navigate than it was before.
This is the main reason why I have my Yahoo ID. I've been involved in many fantasy leagues on many platforms and Yahoo's has consistently been the best one year-in, year-out.
Yahoo has an excellent Financial Portfolio / Stock Tracking Site. I go there pretty much every day to track how things are doing.
The same services that you would use had you logged in with Facebook or Google?
I tried to sign up recently with yahoo to access a yahoo group and they demanded a phone number which I didn't want to give them, so I gave up.
(123) 456 7890 wouldn't work?
no, it required a confirmation text/phone call
Who in their right mind would use their FB login on other websites anyway.
I personally tend to avoid it like the plague.
Every time you use it you grant another website access to your Facebook profile data.
I don't think i want to share that.
Now i know there's some security there but honestly I don't thrust it Facebook is leaky enough as it is I would rather not push my luck by giving permissions to unnecessary things.
My flickr account is created with Google login. I wonder whether they'll force me into singing up for Flickr cause it's the service with most storage for photos out there (albeit the lack of desktop sync).
I can't remember my Yahoo login, I may have had one a decade ago. I don't really buy their excuse that removing social login helps in any way. As a developer, with social login, I have a username to link everything to just as much as normal server login. You can still have user records in your DB keyed on that, a settings page on your site that stores settings against that user, whatever you need. So how does removing social login improve personalization? I don't think it does. Just sounds like an excuse.
I wonder how many of the 10 remaining Yahoo users will be inconvenienced by this.
Seriously though, this is a good thing - third party sign in is a horrible idea and should die.
Why is it a horrible idea? I worked on the Site Integrity team at Facebook and I can assure you that protecting people's accounts from attackers is a fundamentally hard problem that very few companies are actually equipped to handle.
Ah yes, the good samaritians over at facefuck, providing a service for free. (Leave it to us, you're too stupid to handle this...)
Your disgusting business motives and my (consumer) interests do not align, at all.
That's pretty uncalled for. If you met a Facebook developer in person would you talk to them like that?
Facebook provides a service people find genuinely useful, or they probably wouldn't keep using it.
Their business motives don't seem much different from other large businesses, and their impact on consumer interests seem minimal (e.g. compare them to Target's accidental pregnancy revelations – which is worse?)
The are pushing society in new and interesting directions on privacy, but I don't think that is necessarily a bad thing, nor is it their fault (e.g. the invention of personal cars changed society a lot, positively and negatively, but no-one blames car companies.)
On the substantive point, when you see the number of credential leaks and account hijackings out there, maybe telling most developers "You're too busy and inexperienced to handle this well; we have many well paid experts working on this" is a good thing.
Because it adds a single point of failure, and erodes privacy by irrevocably linking accounts. There have also been security fails with many single sign in systems (including at Facebook...).
I would say you have a very bubble-ized perspective of who actually uses Yahoo. You'd be amazed at the non-tech people that aggregate on their services.
Third party sign in might not be ideal, but having to register for every crappy service and website is much much worse.
And flickr or tumblr have quite a bit more users than you've guessed.
That's why people have KeePass, or even LastPass if they are overly trusting of third parties.
Having a different password for every service is more secure than one for everything.
I'm not talking (just) about security. It's about convenience. It's annoying to go through million variations of registrations instead of approving the site with one click.
1. Enter username, and email address if not used as a username.
2. Enter password
3. Click link sent to email address.
Seems more convenient that having your privacy steadily eroded and introducing a SPOF.
Are we going to move back toward more 'walled-garden eco-systems' to protect the brand and improve internal lock-in of customer cash? Le Sigh.
I look forward to this being a trend that continues.
Unless I really, really, really want to use a service, I only use it if I can login with gmail or facebook.
I don't have time for your shit registration form or strange password requirements. I'm always logged into gmail and facebook, so those are always one-click accounts for me.
I understand wanting to become the identity provider, but the ship has sailed here.
Do you do your web browsing always logged into gmail and facebook? No criticism intended.
I use Chrome for accessing gmail, facebook, twitter, and linkedin - always logged in. For everything else I use Firefox with strong privacy settings. No overhead for me to do this, and this seems like a reasonable middle-road for privacy.
Yup, I do. I maintain pretty strict control of my physical security of the laptop. If anyone gets access to my physical goods, I have much bigger problems.
I WAS going to post that the only reason why I'd probably post a comment on this article was because the web is meant to be integrated.
But it seems they wanted me to sign up for an account first on recode. sigh
I thought LiveFyre was going to handle that. Hitting back also meant I lost my message.
If you want to use Yahoo services, you're going to need to have a hacked email account.
I have never been able to sigh into Flickr with anything other than by Facebook ID. All attempts by me/Yahoo to create an Yahoo ID that wasn't locked in some self defeating loop failed.
I've never been a fan of Yahoo or for that matter Hotmail; they force an ID on you which is then hijacked by their email servers to spam all your contacts...again...and again.
Why can't Yahoo just die gracefully ? Why do they have to inflict their death throes on Flickr Users ?