TunaBug
Member
Earl,
Just to clear up some confusion/misinformation.. when someone uses a 3rd party app or site for their Tesla, they are NEVER giving that 3rd party their Tesla username/password credentials.
Tesla doesn’t allow 3rd party access with simple. Username/password. When a 3rd party requests account information it is provided via an access token.
When a user attempts to log in with a 3rd party app/site, the login process is handed over to Tesla’s site. Once the credit credentials have been provided, the Tesla site grants the 3rd party site/app an access token and redirects the user back to the app/site.
Think of how many other apps have a “log in with Google/Facebook/Apple” method. This is the same thing.
The 3rd party never has or sees your log in credentials because the user is “handed off” to Tesla’s server when they are entering the log in credentials.
The 3rd party only can access the vehicle/account info because Tesla returned back with an authorization.
Hope this clears up the false fear of “giving your credentials”.
Additionally, if you still felt worried you could always set up 2FA (two-factor-authentication) for it to be virtually impossible for someone to use your account without authorization.
I won't attempt to speak for Earl, but the reason I think your comments come across as naïve is because you imply that giving somebody access via a token, instead of my Tesla password, makes it safe. I disagree with that. It still gives them access to my car, I am still trusting them to not abuse it, I am trusting that their well intentioned debug logs aren't sitting somewhere with wide access full of PII or being analyzed by their cloud services provider.
Or to put that another way: you seem to be concerned with the mechanism for proving trust. Whereas I don't want to trust an additional party, regardless of the mechanism.
"Them"/"They"/etc isn't meant to single out TeslaFi. I mean any third party.