In all seriousness though, this is a good thing. FB login has become so prevalent, that not having it hurts more than it helps. At the same time, they used to change APIs so often, that keeping it working was a royal pain.
Although it's much easier to implement these days, especially with services like http://hull.io, it's yet another part of one's site/app to worry about.
Good for Yahoo!
If we want people to be safer, we should learn them how to use a password manager to generate a unique password for every site.
And since access to passwords requires two things (the password to the password manager and the password database), it's arguably more secure, even with a weak password.
For what? as a consumer,what service Yahoo does offer that would make me want to get a yahoo id?
As a developper ,Yahoo has a few interesting services but that's it. Yahoo's shopping spree is over but it did not make it more relevant.
Seems like they're giving people a reason to use their products, and then making a play to have an OAuth-level relationship with the users. Maybe they want visibility into how a user authorizes third-party apps (FB gets an awful lot of insight from FB connect!) or maybe they just want to solidify their user lock-in.
Either way, I can't imagine they justified the engineering work for massive redesign on seemingly not-profitable properties like Weather/Flickr without having a solid long-term plan for how to capitalize on that.
[1] http://www.engadget.com/2013/08/15/yahoo-weather-android-red... [2] http://blog.flickr.net/en/2013/05/20/a-better-brighter-flick... [3] http://techcrunch.com/2014/01/03/yahoo-sports-gets-ios-7-red...
I personally tend to avoid it like the plague.
Every time you use it you grant another website access to your Facebook profile data.
I don't think i want to share that.
Now i know there's some security there but honestly I don't thrust it Facebook is leaky enough as it is I would rather not push my luck by giving permissions to unnecessary things.
Seriously though, this is a good thing - third party sign in is a horrible idea and should die.
Your disgusting business motives and my (consumer) interests do not align, at all.
And flickr or tumblr have quite a bit more users than you've guessed.
Having a different password for every service is more secure than one for everything.
I don't have time for your shit registration form or strange password requirements. I'm always logged into gmail and facebook, so those are always one-click accounts for me.
I understand wanting to become the identity provider, but the ship has sailed here.
I use Chrome for accessing gmail, facebook, twitter, and linkedin - always logged in. For everything else I use Firefox with strong privacy settings. No overhead for me to do this, and this seems like a reasonable middle-road for privacy.
But it seems they wanted me to sign up for an account first on recode. sigh
I thought LiveFyre was going to handle that. Hitting back also meant I lost my message.
I've never been a fan of Yahoo or for that matter Hotmail; they force an ID on you which is then hijacked by their email servers to spam all your contacts...again...and again.
Why can't Yahoo just die gracefully ? Why do they have to inflict their death throes on Flickr Users ?
Facebook provides a service people find genuinely useful, or they probably wouldn't keep using it.
Their business motives don't seem much different from other large businesses, and their impact on consumer interests seem minimal (e.g. compare them to Target's accidental pregnancy revelations – which is worse?)
The are pushing society in new and interesting directions on privacy, but I don't think that is necessarily a bad thing, nor is it their fault (e.g. the invention of personal cars changed society a lot, positively and negatively, but no-one blames car companies.)
On the substantive point, when you see the number of credential leaks and account hijackings out there, maybe telling most developers "You're too busy and inexperienced to handle this well; we have many well paid experts working on this" is a good thing.
2. Enter password
3. Click link sent to email address.
Seems more convenient that having your privacy steadily eroded and introducing a SPOF.
So it's popular, though has lost it's top spot.
Actually, the recent changes made me quit Flickr. It's now an ugly mixture of new and old (especially if you use the organiser, etc.) and when you are logged in (which is likely when you use Flickr) you get an unremovable, ugly, purple Yahoo bar.
I was a paying user since 2009. Now Smugmug gets my (and my wife's) money.
Users, when you ask them, want a service that handles the backup and synchronization of their identity between all their devices. Users don't want losing the device their keys are on to mean losing their identity. Users want to be able to join a new device to their identity by just entering their username and password on it. Users want to be able to enter those credentials on random public computers to be able to temporarily use their identity on those computers, then log out when done. And users don't care about the security implication of any of this.
Currently, given this set of use-cases, "identity providers" like Facebook and Google work perfectly for users. Password managers don't.
It's up to those of us who actually care about such things to give users what they want in a way that gives us what we want.
If I root your box, and watch you type, I have the password to your password manager, and the password database.