Third-party authentication isn't suitable for all applications, of course. If you find yourself implementing your own authentication using passwords, the first thing to consider is your password complexity rules.