by jsoffer 4495 days ago
I wonder why mail providers haven't implemented a "single time password, only for websites to peek at the contacts list" feature; I presume it's because the concept itself is broken.
1 comments

They have, it's called OAuth, and it doesn't involve giving sites passwords at all.

OAuth stands for Open Authorisation, not Open Authentication. While OAuth2 is often used for authenticating against other services, it is designed around authorisation, the ability to give other sites the ability to see info from your email account. Usually permissions are set at a modular level, so you could allow sites to see who your contacts are, or your contacts and full name, etc.
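
The scoped delegation described in the replies above, as an added example that is not part of the thread: a site builds an OAuth 2.0 authorization request (RFC 6749 parameters) asking for scopes, the user approves only some of them at the provider, and the provider enforces the granted scopes on each request. The endpoint, client id, scope names and the `MailProvider` class are constructed for illustration, and the code-for-token exchange is collapsed into a single `grant` step.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Hypothetical provider endpoint, constructed for this example.
AUTHORIZE_ENDPOINT = "https://mail.example/oauth/authorize"


def build_authorization_url(client_id, redirect_uri, scopes):
    """Return (url, state) for an authorization-code request.

    The requesting site sends the user here; no password is ever
    handed to the site, only a list of scopes it would like.
    """
    state = secrets.token_urlsafe(16)  # checked on the redirect back (CSRF binding)
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),      # space-delimited, per RFC 6749
        "state": state,
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}", state


class MailProvider:
    """Toy authorization server plus resource server (constructed data)."""

    def __init__(self):
        self._tokens = {}  # access token -> set of granted scopes
        self._data = {
            "contacts.read": ["alice@example.org", "bob@example.org"],
            "mail.read": ["(message bodies)"],
        }

    def grant(self, authorization_url, user_approved):
        """The user signs in at the provider and approves some requested scopes."""
        requested = parse_qs(urlparse(authorization_url).query)["scope"][0].split()
        granted = set(requested) & set(user_approved)  # never more than was asked for
        token = secrets.token_urlsafe(24)
        self._tokens[token] = granted
        return token

    def fetch(self, token, scope):
        """Resource endpoint: serve data only if the token carries the scope."""
        if scope not in self._tokens.get(token, set()):
            raise PermissionError(f"token lacks scope {scope!r}")
        return self._data[scope]
```
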