While this is certainly handy. I forsee lot's of problems for users typing their gmail password to autenthicate for other sites. Phishing has been around for a long time, and by using these authentication mechanisms it will only get easier.<p>For users it's not clear which site is legit.<p>This is legit:
hxxps://www.google.com/accounts/ServiceLogin?service=lso&domain=Socialauth.uswaretech.net&anonSign=1&continue=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fud%3Fst%3DBDKB7DbZLrOEjmE3c2kS<p>This is not:
hxxps://www.google.com.evilsite.com/accounts/ServiceLogin?service=lso&domain=Socialauth.uswaretech.net&anonSign=1&continue=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fud%3Fst%3DBDKB7DbZLrOEjmE3c2kS<p>For the avarage user, logging in means, click on the bookmark, see if a loginform pops up, log in.
Now it's go to random site, get asked for your gmail password, and type it or else 'no cookie for you'.<p>That being said, I have no solution for the problem.