by snowwrestler
669 days ago
If I log into Acme Widgets website via “login with Google,” then I don’t necessarily have an email or password with Acme, I have a delegated (SSO) account.

In many auth systems you cannot use “forgot password” to convert SSO access to username and password. You have to actually log in and change it there. But of course if Google has locked you out, you can’t log in with Google. And anyway… if Google has locked you out, you can’t access your Gmail to reset your password, even if Acme auth lets you.

In contrast: if you log into Acme with username and password, you can authenticate with Acme at any time, even if Google has locked you out. Acme does not need to check with Google to log you in… even if your username is a Gmail address.

If you’re going to use a password manager anyway, just do a fresh username / password whenever possible for each new service. It’s the most resilient and future-proof way to go.