South Africa On Lockdown - Coronavirus - Update!
Michael Thomas
mike at mtcc.com
Mon Mar 23 22:08:35 UTC 2020
I don't know about Fido, but i've been making that point about Oauth for
a very long time. As a browser mechanism which implements a sandbox it's
fine. But when you have apps that can reach out of the sandbox it is
definitely not fine.
Mike
On 3/23/20 2:59 PM, Keith Medcalf wrote:
> Both Fido and OAuth2 are inherently insecure.
>
> While they may be better than nothing at all, they are only very slightly better than proper password selection and management.
>
More information about the NANOG
mailing list