@chucker with mine it went —

MomAndPop customer support!
— hi, i’m trying to sign in but i forgot to record my password & i’m not getting any emails when i put in [my email] and tap “forgot password!” i’ve checked spam already
OK, there’s no account associated with that email, so…
— ohhhh i must have used .. something.. else. i’ll try things. sorry. this really changed the game for these kinda tickets didn’t it
OK, glad i was able to help! please rate my customer service

@mood I imagine what most people do is click the first logo they’re familiar with… and then everything else is a blur.

@mood I wonder if this opens them up to social engineering, though. They must have some kind of token, and probably more than that, that says “Mood signs in via LinkedIn® Premium”, but if they look that up on the phone call, someone could increase the attack surface

Like, even telling you whether the account exists is already controversial among infosec circles, no?

@chucker it is! i assumed that was a large part of why “forgot password” stopped automatically offering any difference in error messages depending on account status (used to be more common — even thought of as user-friendly — to offer up ‘no account with that name exists’.. i now shudder)

@mood yeah

@chucker but yeah like you said, could use this new process to figure out which SSO to target for access to the most other services; other things .. 😭