CNET

OAuth 2.0 leader resigns, says standard is 'bad'

The standard grew too far away from its roots as a simple Web authentication technology, author Eran Hammer-Lahav says, and now is insecure and overly broad. Stephen Shankland worked at CNET from 1998 ...
secureidnews.com

OAuth 2.0: Enabling identity for the cloud, mobile

Digital identity is becoming increasingly important as enterprises strive to protect and control access to online resources. A series of maturing standards is helping make identity management and ...
Bleeping Computer

Over One Billion Android Users Susceptible to App Hijacking via OAuth 2.0 Attack

Problem lies with how app developers implemented OAuth 2.0 operations At the heart of the issue is the fact that the OAuth 2.0 protocol wasn't designed with mobile devices in mind, being created in an ...
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...
Threat Post

OAuth 2.0 Hack Exposes 1 Billion Mobile Apps to Account Hijacking

Mobile app developers need to be aware of improper OAuth 2.0 implementations that have put one billion mobile apps at risk to takeover. Third-party applications that allow single sign-on via Facebook ...
TechCrunch

Google Brings OAuth 2.0 Support To Gmail And Google Talk To Make Third-Party Apps More Secure

Virtually all of Google’s APIs currently support OAuth 2.0, a framework for allowing third-party apps limited access to your data from other services, as their standard authentication mechanism.