___

  • gravitas_deficiency@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 year ago

    Jesus tap dancing christ. I understand the difference between CC + CCV + expiry date and an oauth token (or whatever protocol they’re using for identification and authentication). I’m saying that not expiring auth codes when new cards are issued is a security and privacy issue. Users should ideally be given a switch to opt in to behavior like that. It should not be the default.