Hmm... Trying to understand the benefits of this, earnestly. I mean... they still kind have to use a password though--getting into their email. I mean, it's possible they're logged in--but not guaranteed. I guess the benefit is you don't have to hash and manage their password. At the same time, you're taking them away from your site to login to your site.
The point is it's OAuth2. So now you have a token that can be used to access an API on the users behalf and you centralized your identites. Right now, taking someone away from your site to login to your site is considered a best practice. How do you think "login with Facebook/Google" works?
Fair comment. The impression I am getting is that we need to get better at explaining how our device authentication works. You only need to access your emails up until you have set up a trusted device which you can then use as a key for your accounts indefinitely.
Not managing the password is an ancillary benefit, also not having to store email addresses can be a benefit as they are personally identifying information that you have to store securly
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Hmm... Trying to understand the benefits of this, earnestly. I mean... they still kind have to use a password though--getting into their email. I mean, it's possible they're logged in--but not guaranteed. I guess the benefit is you don't have to hash and manage their password. At the same time, you're taking them away from your site to login to your site.
The point is it's OAuth2. So now you have a token that can be used to access an API on the users behalf and you centralized your identites. Right now, taking someone away from your site to login to your site is considered a best practice. How do you think "login with Facebook/Google" works?
Fair comment. The impression I am getting is that we need to get better at explaining how our device authentication works. You only need to access your emails up until you have set up a trusted device which you can then use as a key for your accounts indefinitely.
Not managing the password is an ancillary benefit, also not having to store email addresses can be a benefit as they are personally identifying information that you have to store securly