On the Security and Privacy of Modern Web SSO, Presentation from 33c3

https://youtu.be/slxiQQC1SpY
Many websites allow users to log in with their Facebook or Google account. This web-based single sign-on (SSO), as it’s called, mostly uses standard protocols such as OAuth and OpenID Connect. But how secure are these protocols, and what can go wrong?
In this 64-minute presentation from the 33rd Chaos Communication Congress (33c3), an annual conference organized by the Chaos Computer Club in Hamburg, DE, speaker Guido Schmitz breaks down the disadvantages of OAuth and OpenID Connect and demonstrates what can go wrong with them.
Schmitz also examines Mozilla’s proposed authentication protocol, BrowserID (a.k.a. Persona), and discusses whether it really solved the privacy issue, the lessons learned, and what we can do better.
This article was written by Jeff Edwards on January 23, 2017
Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.