• Zak@lemmy.world
    7·
    1 hour ago

    Because big players (other than StackExchange) never adopted OpenID where you could paste in an arbitrary URL for your identity provider.

    Also, OpenID probably shot itself in the foot by using a URL instead of something shaped like an email address, which would have allowed a zero-effort upgrade for the user if an email provider also wanted to offer OpenID.

  • thejml@sh.itjust.works
    421·
    5 hours ago

    Google and youtube are the same login though…

    Honestly i like these buttons from a user/security POV as oauth only passes back a “login successful” reply and an identifier to associate an account with. Less PII to spread around the internet.

    • clb92@feddit.dkEnglish
      5·
      2 hours ago

      I hate it when it afterwards still prompts me to create a full account, on some badly made sites. Why even allow oauth login if I still have to give you all my personal data…

    • bus_factor@lemmy.world
      29·
      4 hours ago

      This is fine for stuff I don’t care that much about, like an account with your hairdresser or a pizza place, but if you tie all your actually important stuff to the same account and you get locked out for whatever reason, now you’re locked out of your whole life.

      I prefer unique passwords and a password manager. But you do have to back up the password manager data as well as any data you have with cloud providers.

      • valar@lemmy.ca
        25·
        4 hours ago

        For me the bigger issue is privacy. If you’re using Google to log into everything, Google gets to add all of that activity to their profile on you, and track you as you use every website you go to. No thanks. Google doesn’t need to know I’m buying a pizza tonight.

        • bus_factor@lemmy.world
          5·
          3 hours ago

          That is also a concern and why I always default to a separate account even for those things, but I wouldn’t assume that data doesn’t get sold to Google regardless.

          • valar@lemmy.ca
            1·
            2 hours ago

            I prefer to use different email aliases for everything to mitigate that

  • ComradePenguin@lemmy.ml
    11·
    55 minutes ago

    I like this. I want to be able to quickly test the product and if I like it, I make an account afterwards with my email. So I’ve recently been trying a lot of API services for various things and being able to test it quickly and then just delete my account. I see that as a win. Should have email also

  • allywilson@lemmy.ml
    92·
    4 hours ago

    If you host your own DB of users and passwords you are a target. Offloading it to as many wide-spread oauth providers as possible is a smart move.

    • refalo@programming.dev
      11·
      3 hours ago

      Tell that to all the people whose google accounts of 20+ years got locked out with zero recourse or warning.