Many websites allow users to log in with their Facebook or Google account. This web-based single sign-on (SSO), as it’s called, mostly uses the standard protocols such as OAuth and OpenID Connect, but how secure are these protocols? And what can go wrong?
In this 64-minute presentation from the 33rd Chaos Communication Congress (33c3), an annual conference organized by the Chaos Computer Club in Hamburg, DE, speaker Guido Schmitz breaks down the disadvantages of OAuth and OpenID Connect and demonstrates what can go wrong with them.
Schmitz will also examine Mozilla’s proposed authentication protocol, BrowserID (a.k.a. Persona), and discuss whether their proposition really solved the privacy issue, the lessons learned and what we can do better.
Latest posts by Jeff Edwards (see all)
- 17 Cybersecurity Podcasts You Should Listen to in 2019 - January 3, 2019
- What’s Changed: Gartner 2017 Magic Quadrant for Identity Governance and Administration (IGA) - January 28, 2018
- Crossmatch Integrates Keyboard Capture to Identity Management Software - November 27, 2017