OAuth is terrible.

Pop quiz: who reading this can tell me what OAuth actually is and what it was designed to do?

Yeah. Thought so. But if you’ve ever used an app that connects to, say, Twitter or Tumblr or Facebook, and have been redirected to the login page for that service before being redirected back to your original app, you’ve just encountered OAuth. And it’s not just terrible, but potentially dangerous (in the “hacking your passwords” security sense). Guy English at kickingbear gives a good rundown of exactly why this technology sucks and why you, as an end user, should be wary of it.

(Though good luck not using it, since it’s implemented–badly–everywhere. Oy.)

2014-10-07T09:32:22+00:00 | 19th November, 2014 | Tags: infosec