Comment Re: Not a security flaw (Score 1) 161
That's something OAuth already addresses (which is why twitter and Facebook use it). When you log in via the portal page, it gives the third party app a token rather than letting them see your password. The token can be revoked at any time from your permissions page or the company can blacklist that app. Tesla's implementation shares the password with the third party apps AND the token can't be revoked early.