
Ask HN: Doesn't logging into 3rd-party HN apps pose a security risk? - archibaldJ
There is no OAuth for HN Login. There is no mention of HN Login in the official doc. https://github.com/HackerNews/API

In this case the only way to do HN Login is for a 3rd party to manually handle the login credential and do a POST to https://news.ycombinator.com/login to obtain an omnipotent token that expires in 18 years.

Doesn't this pose a security risk? Shouldn't third-party service providers inform users about this? Or is it a common practice to not mention things like this to the end users? (All the HN apps I have come across with amazing ratings have 0 mention about this risk on their app page and inside the app.)

Or is there another way to do HN Login that is safe and I'm simply not aware of?
======
brudgers
What is the risk of a hijacked HN account? It's not nothing but it's not at a
bank. There's the potential for mischief but probably not ruin. Even
disconnecting from all networks isn't 100% safe. Security practice should be
related to risks. It's engineering. Good luck.

------
notlukesky
Every login has a security risk by definition including HN.

