If someone runs an auth server, and I use it to identify me, and then it goes away, then I’m out of luck, my account is gone. This is the same problem we have now (with logins being tied to instances), except that it introduces a new place for a failure to occur. Rather than just relying on a lemmy instance, I also need to rely on an auth server to be maintained, safe, and secure.

If I went to another auth server, then it’d give me a different identity and that would not make much sense.

Congrats you just invented passkeys

So we should make a remote single point of failure, maintained by someone who probably isn’t a security expert or working on it full time?

No, this is unfortunately the opposite of what we should be doing.

Nah mate, I don’t think I want to trust some rando identity server with my login, and self hosting just makes them easy targets.