Why does every startup needs to store user data, passwords and personal information. Most of us reuse our passwords and so our accounts are as secure as the least secure website/startup where it was used. And, it is fairly easy to know if you are a user or not using the 'Forgot password' thing. There are other problems to take care of like rate limiting in case of brute force attacks, incorrectly configured security for OTPs, 2 factor support implementation, bad password hashing and salting, user data leaks due to incorrect use of authorization tokens.<p>I know there are companies like stormpath, auth0, userapp that are doing similar stuff but why is it not mainstream the way credit card storage, billing, support software have been delegated.