On the Security and Privacy of Modern Web SSO, Presentation from 33c3

Many websites allow users to log in with their Facebook or Google account. This web-based single sign-on (SSO), as it’s called, mostly uses standard protocols such as OAuth and OpenID Connect. But how secure are these protocols? And what can go wrong?

In this 64-minute presentation from the 33rd Chaos Communication Congress (33c3), an annual conference organized by the Chaos Computer Club in Hamburg, DE, speaker Guido Schmitz breaks down the disadvantages of OAuth and OpenID Connect and demonstrates what can go wrong with them.

Schmitz also examines Mozilla’s proposed authentication protocol, BrowserID (a.k.a. Persona), and discusses whether it really solved the privacy issue, the lessons learned, and what we can do better.

 

Jeff Edwards

Editor, Cybersecurity at Solutions Review
Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.