Hacker News new | past | comments | ask | show | jobs | submit login

> Yet here it is. Google can offer their services and the legal system seemingly doesn't want to be involved. Why ?

The real question is why do people use Google to sign in to other services? It never even crossed my mind no matter how long I have had a Google account.




I don't want more accounts and passwords. The security seems strictly worse than just authenticating against my email provider directly.


password managers are a thing. Takes literally 20 seconds to add a new one to a new account.


Why make logging in more complex and less secure? I use a password manager but it doesn't work as smoothly as signing in with Google.


There's no good reason not to use a password manager in 2020. I recommend this one: https://www.passwordstore.org/


No good reason until an exploit comes out that wreaks havoc.


You can use local ones like KeePassX.


There’s still good reasons. Mine is using public computers (library or school), or being able to use any computer at work in private browsing mode.

It’s also trivial to have passwords which are secure and easy to remember (literally off the top of my head): MyD0gb@rk$...


That is not a secure password. The phrase "mydogbarks" appears in several word lists and hashcat has had leetspeak rules for years now.


Hard to imagine what sort of exploit could come out that could cause havoc when the encrypted passwords are stored on your device.


Imagine a vulnerability in the password manager extension that allows a hacked site to fill in and scrape every login stored in the password manager.


I do use one. Doesn't mean I want another username and password to authenticate everywhere.


Is there an android app for it?


Ease. If you're already logged into Google, it's essentially a one click process.


I get that. But I also don't all my services to depend on Google at all, even if it's just a login.


The authentication service should ideally be under the control of the user. At least, the user should be able to choose one that they trust. I doubt it's an accident that current authentication systems lack that choice.


For similar reasons that you and I use password managers, but add lower friction to the mix.


One could even eliminate those same tasks (not wanting to remember a new password, and not wanting to use a password manager) by setting an unmemorable password and doing a password reset using a Gmail address every time they want to log in. "Log in using Google" basically does that same sort of thing but without the tedium of all the clicking/typing. The mechanism is much different but in terms of dependencies it's really the same.


Slack has this I think. You just sign in with a special link sent via email.


That doesn't sound like lower friction to normal people.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: