• Chozo@fedia.io
    link
    fedilink
    arrow-up
    62
    arrow-down
    1
    ·
    5 months ago

    “Bank Robbers used Honda, Toyota, and Camry getaway vehicles”

    Like… okay? That’s hardly the issue. The login systems used have nothing to do with the crimes being committed.

    The article’s paywalled, so I dunno if there’s much more to it than this, but this seems like a ridiculous headline.

    • cm0002@lemmy.world
      link
      fedilink
      arrow-up
      16
      ·
      5 months ago

      Right, and the article makes it sound like a good thing that an SSO provider should be policing things. I see it as almost as bad as PayPal “policing” things against their moral code i.e. when they freeze funds for completely legal NSFW creators

      • tal@lemmy.today
        link
        fedilink
        English
        arrow-up
        5
        ·
        edit-2
        5 months ago

        Right, and the article makes it sound like a good thing that an SSO provider should be policing things

        I’ve been very leery about the idea of letting companies own someone’s credentials via SSO in general, so if it encourages at least diversification away from a few SSO providers, I’m kind of enthusiastic about SSO providers imposing restrictions on people using their services.

      • schizo@forum.uncomfortable.business
        link
        fedilink
        English
        arrow-up
        16
        ·
        5 months ago

        Yeah. You have to make a developer account to make an API token in order to setup any of those oauth options.

        Granted, you could just put in random bullshit in the developer accounts, but generally I’d bet google would still know who the person involved is.

      • MagicShel@programming.dev
        link
        fedilink
        arrow-up
        7
        ·
        5 months ago

        So I’m thinking back to the times I’ve used it. I want to say I assume they have a way to track where this is being used based on referrer, but I don’t remember clearly enough. I don’t think a given token has to be tied to any URL. You just get a token and validate it with a service.

        But people who use it on a daily basis could probably answer more definitively. I’ve just used it a couple of times and didn’t bother retaining it because it’s easy to figure out when you need it.