[cm2187]

Well that was the promise of OAuth. But then that service company (in this case Google and Facebook) have full and perfect visibility on all the websites you use which raises some other problems. Which is why I never wanted to touch it and why I think they are not so popular.

What I really like is concepts like Steve Gibson's SQRL, which provides a pretty secure alternative to passwords, but in a fully decentralised way, i.e. SQRL only provides the protocol and the cryptography, but the authentication only involves you (and your devices) and the website, no reliance on a third party.

[oneeyedpigeon]

You think OAuth didn't take off because people are too aware of security/privacy issues? I think it's the exact opposite reason.

[cm2187]

I see a lot of people who find these privacy issues creepy. They might not necessary care enough to get off google, gmail or facebook, but care enough to install an ad blocker, and I presume declining to use facebook to login to some place.