February 17th, 2026
OAuth Sucks
OAuth is the biggest pile of crap, and any security benefits that there might be are vastly outmatched by the constant annoyance that is using it.
What I love in my life is whenever I try and log into a website, I have to play this game where I have to figure out, “which OAuth provider did I create an account with?”
Because if I accidentally click the wrong one, I guess I now have a new account that doesn’t have any of my other details in it.
I don’t know who decided that this was a good idea. But, security at the expense of a user’s… USABILITY… is not OK.
OAuth sucks.
Stupid Arguments Include
- Just stick to one provider - No, how about I don’t lock my identity in with some random massive corporation. When did digital sovereignty become not a thing?
- Just remember which one you picked - How about I just use a password manager, and then just never have this issue ever again and never “have” to pick anything? Why are we adding this complexity? Plus, sometimes they just up and don’t support some OAuth providers. Some sites might not support Apple, or Microsoft, or GitHub, etc.
- But, it’s more secure - No, it’s not. Any system which increases the complexity for the user is innately less secure. If I ask your mum to carry around a hardware key, have a passkey on her phone, 2 factor auth, then remember which OAuth provider she chose, then have a password to remember… This isn’t “more secure”. It’s more dumb.