OAuth Security: Why We Never Ask for Your Password

Understanding OAuth

OAuth is the secure way to grant limited access without sharing passwords.

How OAuth Works

• You click "Connect Gmail/Microsoft"
• You're redirected to Google/Microsoft
• You see exactly what permissions are requested
• You authorize (or decline)
• Google/Microsoft issues a limited token
• PostSignup uses that token to send emails

What We Never See

• Your password
• Your full account access
• Any credentials

Benefits of OAuth

Security

• No password to steal
• Limited permissions
• Revocable access

Control

• You see what's requested
• You can revoke anytime
• You manage from Google/Microsoft

Trust

• Industry standard
• Used by major apps
• Regularly audited

Revoking OAuth Access

Gmail:

Google Account > Security > Third-party apps > Remove

Microsoft:

account.microsoft.com > Privacy > Apps > Remove

Access is immediately revoked. PostSignup can no longer send from your account.

OAuth vs App Passwords

Some services use "app passwords" instead of OAuth. This is less secure because:

• Full account access
• Stored passwords
• No granular permissions

PostSignup uses OAuth exclusively.