Main Area and Open Discussion > Living Room
Now you can "Log-In with PayPal"
You know how you can sign into sites using your Twitter, LinkedIn, Google or Facebook accounts? PayPal just launched something called "Log In With PayPal...
PayPal is rolling out a new identity solution designed to help streamline the mobile shopping experience. Unveiled at the Future Insights conference in Las Vegas, the payment company is launching Log In With PayPal. With this service, developers and third-party commerce sites can easily help shoppers pay for what they want with as few swipes and information needed — but still in a secure environment.
Log In with PayPal is not PayPal’s competitor to Facebook Connect or Google+ Sign In. However, it does leverage the OAuth 2.0 protocol that Facebook uses to authenticate users. The idea is that the company’s 128 million account holders can simply complete their purchase through the use of their username and passsword, or mobile number and PIN as a confirmation of their identity."
--- End quote ---
Wow, this is really becoming the "Teh New Hotne$$". Twitter has a decent reputation with me, having passed a "privacy standards survey" recently. Those other companies are all known for highly unclear privacy abuses! Now look who joins the party - Paypal!?
And it feels different this time, that they won't (very many of them) just fade away, they're getting "locked in" to the tech landscape. So someone somewhere definitely earned their consulting fees! But it's at the expense of the "freedom" of computing!
Stoic Joker:
I can't help but wonder if these "Identity Solutions" don't make it easier to steal someone's identity. I mean look at the prevailing wisdom of not reusing is this (global use identity account thing) really any different then using the same username and password for all of the shopping sites you've been to?
Frankly, it strikes me as being worse because at least with (granted incredibly foolish) reuse of passwords an ID thief is still restricted to using only the sites you've gone to. With this new "improvement" the thief can just go anywhere that accepts the service. All of the guesswork to see where your silly ass has setup a now exploitable account is totally eliminated.
My guess is that Pay-Pal's "Log Me In" will probably be a sight better in terms of security than the others, given the nature of Pay-Pal's business model and their already-in-use encryption and other security measures. However, the only log-me-in I've used is Facebook's. And only for site's where security isn't paramount (Goodreads, for example).
Stoic Joker:
My guess is that Pay-Pal's "Log Me In" will probably be a sight better in terms of security than the others, given the nature of Pay-Pal's business model and their already-in-use encryption and other security measures. However, the only log-me-in I've used is Facebook's. And only for site's where security isn't paramount (Goodreads, for example).-kyrathaba (May 01, 2013, 11:38 AM)
--- End quote ---
No no ... I wasn't trying to critique their ability to secure the service properly. I'm just pondering aloud the strategic wisdom in using that type of (SSO) service. Doesn't matter if it's PP, FB, or MS Live ... If the reward for breaching the target is that great - due to the ubiquitous nature of the exposure - It just strikes me as a dangerously tempting target.
[0] Message Index
[#] Next page
Go to full version