[rygxqpbsngav]

Looks nice for web apps. Not sure how this fares for mobile apps.

Interesting model with imminent flaws I suppose. If I share the login email to anyone, they can simply click on it and login and use premium services (e.g. Netflix etc) if they use this API?

Also, if the email is hacked!, the dashboard on fast.co shows all the sites that use the API, so all of them are compromised nicely without effort, very huge security flaw IMHO.

[IvarsIndriks]

Having access to email is huge issue not only for fast.co but for all sorts of services. Little hope is 2 factor auth.

[rygxqpbsngav]

But that doesn't expose all other accounts associated with that email address in general. But this approach makes them all vulnerable at-once which makes the hacker login to any site I am registered with that logs in using this service.