- BiscuityCat@lemmy.worldEnglish14 days
It reminds of this:

There were more options on the website, but I forgot the name of the website, and I cannot find it now… :(
- Mercer@nord.pubEnglish9 days
The worst login option is Google and Facebook, because they don’t allow creating separate accounts without identity verification by phone number or by connecting a phone with Google services. For now, other services still allow creating an account without linking your identity, but that won’t last long 😢
- it_depends_man@lemmy.worldEnglish14 days
How hard is it to implement email verification?
Harder, actually.
That’s the point of OAuth, which is what you’re seeing there.
The idea is that you’re you and you have a… google account. This shitty little website doesn’t want to be responsible for you login details, because those can get stolen. Maybe they contain an email address, which is a problem. Software needs to be updated, it’s all a big. They don’t want to touch anything in terms of security that identifies you as you.
Maybe all the website does is save your favorite pepe memes. They don’t need anything else from you, but they still need to have something to get a user id and make sure nobody messes with your pepe meme collection. That’s where this system comes in, because the rest of website becomes significantly easier. They don’t need to store anything personally identifying, all they get is an ID and they can connect it with your pepes.
The only downside to OAuth is, as you can also see, that it’s corpos you don’t want to trust that are offering it.
- criss_cross@lemmy.worldEnglish14 days
Was just about to say getting Auth right is super hard. Getting someone else to do it for you is a godsend.
- lenocolomo@lemmy.mlEnglish14 days
While I get that, it is still unfortunate that no open-source, trusted variant can be part of the usual ways.
- foggenbooty@lemmy.worldEnglish14 days
There’s really no reason something like that couldn’t exist. A foundation would just have to decide to dedicate the resources to it.
The issue is it would have to gain significant adoption in order for web admins to think to include it. This list here is actually a lot larger than you usually see. It’s often just the big 2 or 3.
- fraksken@infosec.pubEnglish14 days
I have no account with the above. I wouldn’t make one for being able to use another service.
No idea what the product is here, but I guess I’m not their target audience. Which is fine.
- 13 days
Shitty little website…
I don’t know, man, I don’t want anyone that doesn’t understand or doesn’t give a shit about security trying to implement it.
That’s just a recipe for bad things.
- DaddleDew@lemmy.worldEnglish14 days
If you use the same Google account for a bunch of different third party websites, Google gets to associate your activity on those websites to you, giving them more points of data about you. They wouldn’t offer themselves as a login option if they didn’t make money out of it.
Also if you use your Google email for many other services it becomes even harder to ditch Google afterwards.
ikt@aussie.zoneEnglish
14 daysand what does that have to do with the random website that uses it for oauth?
- DaddleDew@lemmy.worldEnglish14 days
The website doesn’t have to handle the code and security for their own login system, which reduces costs for them too.
ikt@aussie.zoneEnglish
14 daysright… so it’s not data mining it’s just easier to maintain
somehow op has 46 upvotes for something that’s wrong
- psx_crab@lemmy.zipEnglish14 days
Money.
Also it kinda depend on how much you trust the website security and how much precaution you have. For general public who don’t really know how to protect themselves against hacking and databreach(those who might not know the existence of password manager), the option of letting a giant corpos handle the login is much better than to just blindly trust the website.
Also money.
Also the website might not want to build and maintain their own database for this(which cost money), so they outsource the login to other company.
And also money.





