• @ricecake@sh.itjust.works
    link
    fedilink
    English
    725 days ago

    It’s functionally equivalent to the security of the account recovery process.

    So it doesn’t reuse the password, since the second site can’t lose the password it doesn’t have, but it sets the limit on the security of the login to that of the security of the email providers login.
    Usually, that’s actually an improvement, since the big email providers most people use tend to enforce reasonable minimums, have good security teams, and people tend to secure their emails better than random sites.