In your example, the user is logging in to BAD.com, thinking it is GOOD.com. In ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		jaggirs 5 months ago \| parent \| context \| favorite \| on: Emailing a one-time code is worse than passwords In your example, the user is logging in to BAD.com, thinking it is GOOD.com. In the OP's example, the user is logging in to BAD.com intentionally, but his GOOD.com account is still hacked into. This is a lot harder for the user to catch on to.

account42 5 months ago [–]

Specifically, that OP describes sounds like a plausible log-in-with-big-tech-company flow that is really common these days.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact