Relying on third-party authentication services can be considerably easier, cheaper, and more secure than creating your own authentication. Here’s why.
You may have noticed that we don’t create credit card processing solutions here. We use what already exists, as we do for authentication services, and there are some good reasons for that:
- Designing these systems is not our core competency. We’re good at researching languages and frameworks to design static analysis tools that help fix them.
- In accordance with #1, development time spent on a payment gateway should be minimized.
- We don’t want to absorb the financial and logistical overhead of storing credit card information and PII in compliance with PCI DSS (your company probably doesn’t either!).
- If there is any sort of data breach on the third party’s side, it’s “their problem.” If there is a data breach on our side, it’s our problem, but the amount and type of data breached will typically be far less impactful.
- The tooling that products like Swipe provide also includes user-level benefits, such as improved usability and performance.
You should rely on a third-party authentication provider too, rather than build your own. We’ll walk you through our rationale, but the evidence largely points out that outsourcing your authentication like you do with your credit card is, more often than not, cheaper, easier, and safer.
Let us be very clear up front. These systems are not perfect, and using them does NOT entirely absolve you of any security responsibilities. Many of the login providers have strong guidelines and best practices around implementing their systems securely. What these third-party authentication systems do is simply make the job significantly easier.
Now that we have that disclaimer out of the way, here are some reasons why you should consider outsourcing your authentication.