I am wondering - is using Google Accounts login (in a setup similar to this) secure enough for financial services (you can assume that if someone logs into your account, your money gets stolen)?
On one hand, if you tell the users to create a new Google Account for the service, add 2FA and so on, you would be relying on a company with a lot of experience to prevent unauthorized login attempts. At the same time, some people will use their main Google account to log into everything and their accounts will probably get compromised, and rolling out your own solution means you have to play catch-up with years of security expertise and new vulnerabilities.
What is the consensus on how secure Google Accounts login is in this scenario?
Aucun commentaire:
Enregistrer un commentaire