Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I worked around this problem by adding an entry in my password manager with a username of "OAuth: Use Google" or something like that, so I'm informed when I habitually check my browser extension or when I attempt to auto-fill during login.

It's inelegant and could be better, but good enough.



I found once I started using a cross-device password manager, I stopped using OAuth anyway!


1 password does this automatically


If you use a password manager (and my condolences to those who don't), there's really no benefit to using OAuth over an email sign up. It can prepopulate your personal information, but I usually don't want that for the services I sign up for.


There's a couple of services where I prefer to use github for sso because I need them to integrate with data stored there, and it makes sense to me to "bundle" those accounts. But that's very much an edge case.

Is this where I complain about companies that insist I install their MFA app rather than just letting me use Google Authenticator? You're not special.


> there's really no benefit to using OAuth over an email sign up

Except for the really big one, which is strong MFA provided by the identity provider even when the site doesn't support it natively.


I do the same. I'm happy with it. I thank my past self every time for having the foresight that future self would forget.


I don't know about other password managers, but 1Password can track this for you automatically.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: