| ▲ | sandeepkd 2 hours ago | |
Unfortunately its a common misconception, it feels easy, however auth is a lot more harder to do it right, specially when it comes to recovery. A simple example, protocol like TOTP (time based OTP) uses the concept of shared secret and almost every implementation stores the secret as it is in their databases | ||
| ▲ | whalesalad 40 minutes ago | parent [-] | |
I gotta say, this is not a very strong argument for not doing auth yourself. | ||