logoalt Hacker News

aeneas_oryyesterday at 5:54 PM1 replyview on HN

Auth is not stable, it‘s constantly changing and evolving and also a lot of work to keep secure, and scalable. Auth is critical infrastructure and certainly not free. Most companies with homegrown at some point go to a vendor because it is so much work to DIY.

I can’t speak for Vercel‘s goals or pricing - but Ory is evidently still open source while many others went other routes!


Replies

Natfanyesterday at 7:07 PM

i'm curious, outside of new models of authn (such as passwordless, totp, hash algos etc) and new models of authz (rbac, zero trust, etc), what else is "constantly changing"?

even the items i mentioned only change every 5 years or so, in my experience. i accept that there will be a lot of work preventing attackers from gaining unauthorized access, but again this feels partially solved by just rejigging the authn flow (rather than username -> password -> totp (leads to password sprays), just do username -> totp -> password)