Conversely, however, if the social account is compromised, then all other websites it is linked to are compromised also. For this reason, I generally have site-specific accounts with unique passwords for each (managed via 1Password). That way, if one is compromised, then nothing else is compromised. OAuth is also notorious for being mistakenly implemented insecurely, leading to security vulnerabilities.
Very true. A known con with the system. The ideal situation is to have everyone using a password manager with 2FA setup, but a large portion of internet users today are still stuck on reusing their username/password across sites. In my opinion, OAuth is a good step up for those users and slowly getting them to a more secure setup like a password manager with 2FA is the next step.
I was also reading an extremely interesting thread on Twitter on using Ethereum as a way to implement single sign-on.
@k776 Just to clarify, this article is a primer on why OAuth is a good step up from username/password and how it works internally.