
The post doesn't say you should give out your login. It says you should encrypt your access tokens and explains some security implications of current implementations that use them, like how they often give too broad permissions. When you change your password, you often need to reauth all of your devices, but you don't need to reauth your access tokens.



Why would I want the access tokens to be revoked if I change my password? Unless I revoke the token, it should be valid.



