Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
horsawlarway
59 days ago
|
parent
|
context
|
favorite
| on:
Google’s OAuth login doesn’t protect against purch...
So you use email/pass and the reset password email dumps right to the new party as well, because they control the MX records for the domain?
lxgr
59 days ago
[–]
That's why allowing account recovery using (exclusively) email is indeed a security problem.
Join us for
AI Startup School
this June 16-17 in San Francisco!
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
