All very thoughtful arguments but I think this solution to these problems is flawed. I don't believe we should be solving authentication management problems by handing over all authentication capabilities and responsibilities to one or two mega companies.
Especially since those companies can wield this enormous power by removing my access to this service because I may or may not have violated a policy unrelated to this service.
While we are all waiting for the world to sort these problems out, companies that are not interested in solving them for the world will continue to use SSO techniques.
I’m very not impressed by this deep, extended critique of machine learning researchers using common security best practices on the grounds that those practices involve an imperfect user experience for those requiring perfect anonymity…
there's web3, where users have a private key and the public key is on a cryptocurrency chain, but adoption there has been slow. there's also a number of problems with that approach, but that's the other option on the table.
I want to believe, but sadly there's no market for it. unless someone wants to start a privacy minded alternative to auth0, and figure out a business model that works , which is to say, are you willing to pay for this better way? are there enough other people willing to pay a company for privacy to make it a lucrative worthwhile business? because users are trained to think that software should be free-as-in-beer but unfortunately, developing software is expensive and those costs have to be recouped somehow. people say they want to pay, but revealed preferences are they don't.
Especially since those companies can wield this enormous power by removing my access to this service because I may or may not have violated a policy unrelated to this service.
There has to be a better way.