|
|
|
|
|
|
by realpeopleio
2993 days ago
|
|
|
> I also don't trust handing "identity token" over to that site any more than I trust Facebook. What happens if/when they get hacked? Will they then have my bank card details? Will the be able to use my identity token to access other sites? These points matter to me because I know nothing about the company and they are gearing themselves up for being an obvious target for attackers. A RealPerson code is not an access token. It's a unique code generated for a particular website. It's more like a coupon code and RealPerson.io will tell a website if it's valid. The website still handles creating the account and authentication etc., like it has before and does it however it wants, using whatever authentication it wants. But now the website can make a backend call and ask RealPerson.io if the code given is valid, meaning someone (who knows who) generated a code for this site. That's it. Then the website can validate that no other user has used that code when signing up on their website. The website doesn't know what account on RealPerson.io has the code. The website doesn't know what other websites the user uses (the codes are unique to each website). So RealPerson.io just knows codes and websites, and websites just know if the codes are valid. Nothing else is shared. Stripe processes the payment and credit card details are not stored in RealPerson.io. There are no identity tokens to steal. You have codes but you generate those on demand when you are signing up on websites. Once they are used, then there's nothing more you can do with them. RealPerson.io doesn't have any personal details on you besides the payment token from Stripe. No bank details. No usernames or passwords for other sites. No usage on other sites. |
|
|