Or at least, not to use Facebook auth.

As you probably know Facebook just disclosed a data breach of at least 50 million accounts (likely many, many, more than that).

Amid of all the info that's coming out something caught my attention:

rat king

@mikeisaac

Via guy rosen -- this hack is even worse than people thought.

The hack gave you complete access to the facebook account, which meant you could access ANY OTHER CONNECTED APPS that used Facebook Login.

21:16 PM - 28 Sep 2018

rat king

@mikeisaac

The idea that facebook "doesnt know what information people have accessed" is disingenuous. FULL ACCOUNT ACCESS means they could do literally everything you do on Facebook.

21:23 PM - 28 Sep 2018

Which reminded me of this post by @michael:

When signing up or logging into an app, do you prefer OAuth (authentication w/social media account) or email sign up/sign in?

Michael Lee 🍕 ・ Sep 19 '18 ・ 1 min read

#discuss

There are advantages on using OAuth delegation to login your users, unfortunately this means that if such account is breached all those apps linked to it are vulnerable.

Although I haven't seen Facebook only apps/websites in a while, if you don't really trust the login provider (who trusts Facebook nowadays?), please provide an alternative path for your users's authentication.

ps. Facebook took three days to disclose this to the public