> What if Facebook or Twitter were hacked? Your social profile would be at risk (the sun would still rise tomorrow), but so would any other account on other services that are connected. That’s a little scary. Yes, Facebook and Twitter are good at security, but nobody, NOBODY, is perfect. Social login buttons delegate control of your users’ credentials to another service, rather than ensuring security yourself.
Well, nobody is perfect, but some are better than others [0]. Security is hard. In my case, I'd trust services like Twitter and Facebook more than myself right now (they have tons of good engineers and much more to lose in case of a security breach). Like many other things, this is a trade-off.
This is doubly true when it comes to Mozilla's Persona. I implicitly trust my email provider more than any other site's login system (at least, the ones that email password resets), so why not delegate to that all the time instead of insisting on a different username and password?
[0] - http://lesswrong.com/lw/mm/the_fallacy_of_gray/