HACKER Q&A
📣 archibaldJ

Doesn't logging into 3rd-party HN apps pose a security risk?


There is no OAuth for HN Login. There is no mention of HN Login in the official doc. https://github.com/HackerNews/API

In this case the only way to do HN Login is for the 3rd party to manually handle the login credential and do a POST to https://news.ycombinator.com/login to obtain an omnipotent token that expires in 18 years.

Doesn't this pose a security risk? Shouldn't third-party service providers inform users about this? Or is it a common practice to not mention things like this to the end users? (All the HN apps I have come across with amazing ratings have 0 mention about this risk on their app page and inside the app.)

Or is there another way to do HN Login that is safe and I'm simply not aware of?
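
The question above turns on a login response that hands the client a token valid for about 18 years. As an added example (not part of the original post, and not code from HN or any HN app), this sketch audits a `Set-Cookie` value for lifetime and for the `Secure`/`HttpOnly` attributes; the header, cookie name, login time and 30-day policy are constructed assumptions, not a captured HN response.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie

# Constructed sample (NOT a real HN response): a cookie that expires
# roughly 18 years after the assumed login time, as the post describes.
LOGIN_TIME = datetime(2020, 1, 1, tzinfo=timezone.utc)
SAMPLE_SET_COOKIE = (
    "session=constructed-token-value; "
    "Expires=Fri, 01 Jan 2038 00:00:00 GMT; Path=/; Secure; HttpOnly"
)


def audit_session_cookie(set_cookie, issued_at, max_days=30):
    """Return (lifetime_days, findings) for the first cookie in a Set-Cookie value.

    max_days is a hypothetical policy threshold chosen for this example.
    """
    jar = SimpleCookie()
    jar.load(set_cookie)
    if not jar:
        raise ValueError("no cookie found in header value")
    name, morsel = next(iter(jar.items()))

    # Max-Age takes precedence over Expires when both are present.
    if morsel["max-age"]:
        lifetime_days = int(morsel["max-age"]) / 86400
    elif morsel["expires"]:
        expires = parsedate_to_datetime(morsel["expires"])
        lifetime_days = (expires - issued_at).total_seconds() / 86400
    else:
        lifetime_days = None  # session cookie: discarded when the client exits

    findings = []
    if lifetime_days is not None and lifetime_days > max_days:
        years = lifetime_days / 365.25
        findings.append(f"{name}: valid for {years:.1f} years (policy: {max_days} days)")
    if not morsel["secure"]:
        findings.append(f"{name}: missing Secure")
    if not morsel["httponly"]:
        findings.append(f"{name}: missing HttpOnly")
    return lifetime_days, findings


if __name__ == "__main__":
    days, problems = audit_session_cookie(SAMPLE_SET_COOKIE, LOGIN_TIME)
    print(days, problems)
```

A lifetime finding tells you how long a copied token stays usable; it does not tell you whether the app that holds it stores or transmits it safely.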


👤 brudgers Accepted Answer ✓
What is the risk of a hijacked HN account? It's not nothing but it's not at a bank. There's the potential for mischief but probably not ruin. Even disconnecting from all networks isn't 100% safe. Security practice should be related to risks. It's engineering. Good luck.

👤 notlukesky
Every login has a security risk by definition including HN.