← Back to context

Comment by chis

4 days ago

Is this really just google=bad, though? I work at a startup and this seems like a legit security risk that I'm happy to learn about.

It seems like the only mitigation would be to let your HR SAAS know when your company shutters and ask them to delete the records. Or just squat the domain yourself as an ex-employee.

2 comments

chis

Reply
paxys  4 days ago

Yes it is, otherwise the title would be "don't use your email address to log in to any application" and it wouldn't be ragebait enough. The whole issue has nothing to do with OAuth and nothing to do with Google.

stevage  3 days ago

Mast domains aren't that expensive. Can a startup just buy 10 years of peace of mind in its dying days?