Dan Moore
Podcast Appearances
And then there was a use case and then they needed to ask for a little bit more. And there was another use case and they needed to ask for a little bit more. Right. And then they can't differentiate between whether you're doing the simple use case where all they need is the email and password or not your password, sorry, just your email or the complicated one.
That's my guess on what happened based on kind of what I've seen over the years is best of intentions. But GitHub having coarse-grained permissions makes it really tough to, like, ask for just what they need.
I would love if we would do that if everyone was using a password manager. And I think, you know, depending on your audience, that could be a viable path. And I... but for a lot of customer-facing organizations or applications, that's just not reality. My wife is a relatively smart person, has more degrees than I do, is not super technical, and gets super frustrated with her password manager.
And I have one that I've been using for years that I love that... is fantastic, but I would never wish it on anybody else because it's kind of, it's old school. Right. So really, uh, it's called a password safe. Um, March, not, uh, not, I think, uh, who's the Schneier guy, Bruce Schneier recommends it and, um, it's open source and just kind of super dumb, but, um,
It's not like integrated with any external systems because that's the other worry that I have with password managers like 1Password or LastPass we've seen is they are super valuable targets, right? Because they have everything. For sure.
I think you should always offer username and password as an option because I think you're going to have some subset of people who are going to be more comfortable with that. But I don't think that it should be the only solution.
I mean, here's the nice thing about a password, right? Like the strengths of the password and the weaknesses of the password are very similar. One is that it is something that can be shared really easily, right? And that can be shared with family or friends and it can also be shared, you know, or discovered by an attacker.
I think you need to, as someone holding passwords, right, any of the systems, you need to make sure you take care of passwords. You need to make sure that you hash them appropriately. You make them hard enough to use for an attacker that you can avoid credential stuffing attacks, but easy enough for users to use. And I think the reason is that it's lowest common denominator, right?
Like I have definitely liked Tailscale, Adam, but this was a different company that all they offered was social login. And that is... frustrating to a certain class of people, to a certain set of people who don't want to necessarily tie things to third party providers, or maybe they don't want you to know that their particular email, they want to use a username, right?
You can't use magic links with username-based solutions. And for certain kind of sets of folks, right? Or even classes of applications like games are a perfect example. Games don't need to know your real identity. That's a dumb thing. So I don't think they're going away. I think that there are great solutions that you should offer.