Sign-in with Google

Managing sign-in credentials has become a complex process. In the beginning, we had just password complexity (e.g. minimum length, at least one number, at least one letter) to deal with. Nowadays, a robust sign-in process also has to deal with password history (don't re-use passwords), account lockout (after a number of unsuccessful attempts), password recovery (security questions), and most recently, multi-factor authentication (using your mobile phone to retrieve a secondary passcode). Rather than dealing with this complexity, it is far simpler to delegate the sign-in process to a 3rd-party service. That's where OAuth comes in. It provides an open standard for performing that delegation.

Two-Step Login: Not Always as Safe as You'd Think

Two-step login is a mechanism whereby the user needs to present two pieces of information in order to log into a service. Best practice dictates that these two pieces of information represent "something you know" and "something you have." Lately, companies have been using codes sent via text message as "something you have," but this mechanism is not nearly as secure as one might think. Better solutions do exist and should be used.
