On Wed, Feb 22, 2023 at 13:32 Julian Bradfield via mailop <[email protected]> wrote:
> In what way is it easier to revoke an OAuth2 token than it is to > change a password? It’s easier to revoke access of a specific app without interrupting the users access to other apps. Vs. Invalidating the password which interrupts everything… Most people have no clue about how OAuth2 works. Correct. And they don’t have to. Just like most people don’t know how IMAP, SMTP or MIME works — still they use email. They just know that it's something that gets in the way of working > practices they've been using for 40 years. Data of actual normal users (and the abuse we see) suggests otherwise. And I guess people also argued that filling up a car with petrol gets in the way of working practices they’ve been using for 100 years…
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
