On the Security and Privacy of Modern Web SSO, Presentation from 33c3

Many websites allow users to log in with their Facebook or Google account. This web-based single sign-on (SSO), as it is called, mostly relies on standard protocols such as OAuth and OpenID Connect. But how secure are these protocols, and what can go wrong?

In this 64-minute presentation from the 33rd Chaos Communication Congress (33c3), an annual conference organized by the Chaos Computer Club in Hamburg, DE, speaker Guido Schmitz breaks down the weaknesses of OAuth and OpenID Connect and demonstrates what can go wrong with them.

Schmitz also examines Mozilla's proposed authentication protocol, BrowserID (a.k.a. Persona), and discusses whether that proposal really solved the privacy issue, the lessons learned, and what we can do better.
