I’m very concerned about the security of user account credentials. I am sure this has been considered and there were discussions a while ago about how to lessen the impact of credentials being stolen, by having different security levels and access controls for different data within a user’s account (Feature Request: Persona Trees by @oillio)
But what is to stop an APP stealing credentials entered to use it?
Maybe this is catered for, but @viv’s authentication example (Google hangout video) suggests that it is up to APPs to obtain and supply credentials and perform the login, which would mean that the APP has access to the username, password and PIN.
If this is so, what stops an APP from stealing those credentials?
If not, how does authentication really work cos I must have misunderstood that code sample!