|
|
|
|
|
|
by vidarh
4828 days ago
|
|
|
> Why should, for example, google, ever trust, say, fred's discount web hosting, enough to let them login to gmail? They're not. They're letting users who use Fred's discount web hosting as their authenticator to log in. Fred's discount web hosting won't even know when their users try to log in to gmail. Letting someone authenticate that way is no different than allowing passwords than many users reuse all over the net, including on dodgy sites that might very well take that gmail address and password they were handed and see if they can log in to the gmail account with it (want to be on how many users use the same password on their e-mail and other sites they sign up to _using_ that e-mail?), or writing it down all over the place. > Long term, how are we not going to end up with just a mishmash of who accepts what? If we do, we're no worse off than we are today. |
|
|