Has anyone found details on the exact methods, steps Mozilla is using to "log users in without a password? I've searched & searched & found nothing with real details. Are they using oAuth along with something else? What are the privacy concerns if someone (who?) is using some data or a unique identifying string. If they're using oAuth along w/ something else, where do "they" get (unchanging) data, to identify users? Who's the administrator, if using oAuth w/ other software & getting tokens from the administrator? I've got a sinking feeling that Google may be involved. In which case, I may not be. For people that want other sites (or sites' software) to login to other investment accts, to up / down load data, etc., I guess that's OK. But it's hard enough maintaining security when only 2 entities are involved. Adding a 3rd party - that users have no agreement with (you're not logging into the oauth provider's site) increases odds of data being poorly protected. And oAuth 2 & anything similar has had & will continue to have security bugs. I would think if sites or providers started using encrypted password logins, it'd be a lot more secure & not another cook in the kitchen spoiling the soup. I would also guess large companies like Google, Mozilla (that are talking about oAuth) are looking more at tracking users on every site / service they offer more than "making it easier for the users."