
Rule n1: don't roll your own security. Rule n2: goto 1

You are overcomplicating your authentication system by oversimplifying security problems and the result is that you have solved nothing.

Security always seems very easy to solve, and usually non-security engineers tend towards solutions like yours that don't provide extra security; they just add a few extra steps for a hacker to obtain your database, and as a result you need to maintain extra databases, there are more error points... Do you remember that thing about "each extra system exponentiates complexity"?



You don’t have to “roll your own security.”

You can easily put any open source security system behind a secondary system. Hell - it would already be a secondary system.

Not putting your passwords right next to the identifiers is a simple way to lower the impact of an email or password leak.

Also, that quote is bullshit.


Meh... I won't bother. Discuss your solution with a security guy you trust.



