cross-posted from: https://quokk.au/c/mildlyinfuriating/p/990534/why
How hard is it to implement email verification?
Google and youtube are the same login though…
Honestly i like these buttons from a user/security POV as oauth only passes back a “login successful” reply and an identifier to associate an account with. Less PII to spread around the internet.
I hate it when it afterwards still prompts me to create a full account, on some badly made sites. Why even allow oauth login if I still have to give you all my personal data…
If you host your own DB of users and passwords you are a target. Offloading it to as many wide-spread oauth providers as possible is a smart move.
Tell that to all the people whose google accounts of 20+ years got locked out with zero recourse or warning.
Where humour?
