Comment by chavesn

Comment by chavesn 4 days ago

0 replies

View on Hacker News

If oauth makes an authenticity claim, it should be true. Saying it's the same user when it's not is bad, clearly.

in other words: Google could make a more accurate authenticity claim than they currently do.

This problem would be worse without oauth, though, right? With plain email login, all they would need to do is "forgot password" and there wouldn't even be a way to tell.

in other words: Email login would never be able to make a more accurate authenticity claim.