Hacker News new | past | comments | ask | show | jobs | submit login

Also other login providers haven't done massively stupid things like not authenticate the actual email address when issuing tokens... like common who in their right mind would want to adopt a new service with a piss poor security reputation for a critical security sensitive leg of their stack?!

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact