1. 6

  2. 6

    Some drawbacks:

    • Now Google even knows your private credentials to all the other services it hadn’t controlled yet, great.
    • The OpenID login we require with our Gerrit always requires me to log in at the Redmine first, go back to Gerrit, log in there picking OpenID, and then to again click ‘yes’ on the Redmine that I allow it to trust Gerrit. Suddenly the usual one-step password-manager-and-done becomes 4 steps that can never be automated the way the pw manager automates your normal logins.

    So maybe private managers of secrets are better than outsourcing them.

    1. 1

      Your first bullet indicates that you misunderstood how this works. There are no credentials.

      1. 1

        There are supposedly no credentials you enter on a website for the OpenID client, but you outsource them to an OpenID service, in our case Redmine. There obviously still are credentials! Now I need to still tell Gerrit (OpenID client) which OpenID service to use. I need to enter/click that EVERY time, pw manager will not help me there. Plus I need to make sure to already be logged in with Redmine. In daily work the supposedly easier OpenID login becomes a major click orgy to reference the credential service, where other non-OpenID logins are me hitting enter (after unlocking pw manager once per browser session) and that’s it.

        1. 2

          What happens when you want to switch browsers or platforms or devices?

    2. 1

      SSH keys. :)

      1. 1

        For website logins?

        1. 1

          I rarely log in to websites. <- The fact I can write this is a counter-example.

          But unfortunately, not.