
I agree. And besides that I also think it's an incredibly bad idea to train users, who are technically not very firm, to enter their credentials on some random page that asks for them.

I'm a pro and even I can't tell how this is supposed to be safe. How would you explain the security aspects to someone who can't distinguish between Google search and the browser's address bar?!



It's bad enough that loads upon loads of sites require people to use their E-mail address as a user ID. What a stupid policy, one that embarrasses many companies that should know better (YES, THIS MEANS APPLE).

When you force people to log in with their E-mail address, what percentage of the public also thinks they need to use their E-mail password? I'm going to guess at least half. Now, if that site is compromised by a hack or disgruntled employee or whatever, people's E-mail accounts are wide open and identity theft galore can ensue.

Not to mention that your E-mail address is on thousands of spammers' lists. Combine that list with lists of common passwords, and you have a shitload of compromised E-mail accounts right there.

Nobody should have tolerated this amateur-hour policy, but here we are.



