OAuth and OpenID put you at risk

OAuth and OpenID are the protocols that let you sign in to other sites with your Facebook or Google account. You see them on your Android phone as a yellow bar showing your Google account email and asking whether you want to log in, with an easy Yes/No button.

They use your existing accounts to make logging in to sites simple and easy. Without them you would have to go through the hassle of setting up an ID everywhere. The problem is that there is a problem with them: a hacker can trick you into providing your information, and instead of it going to Facebook or Google to confirm that you are who you say you are, the attacker can intercept it. That can expose your ID, email, contacts and a range of other information. Here's the bad part: there is no plan to fix it.



What should you do? There's no easy answer. You can refuse all of these prompts by closing the site when one appears, or you can do the research and learn carefully the exact places they should pop up, and not use them unless you started from one of those points. That makes the ease of use an order of magnitude harder than just setting up an ID and remembering it in LastPass.
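As an added example (not part of the original post), here is the kind of check one could run on an OAuth 2.0 authorization URL before following it. OAuth carries the address the provider will send the login result to in the `redirect_uri` parameter, so the check insists that the authorization endpoint's hostname match a trusted provider exactly (a look-alike such as `accounts.google.com.attacker.example` must fail) and that `redirect_uri` point to a host registered for that app. The provider list, the `client_id` and its redirect allowlist, and the three sample URLs are all constructed for illustration and are not taken from any real site or deployment.

```python
"""Check an OAuth 2.0 authorization URL before following it.

Added example, not code from the original post. It treats an authorization
request as trustworthy only if the authorization endpoint is a known
provider and the redirect_uri lands on a host the app is registered to use.
The provider list and the per-app allowlist are assumptions for
illustration, not data from any real deployment.
"""
from typing import List
from urllib.parse import parse_qs, urlparse

# Hypothetical: exact hostnames of authorization endpoints we trust.
TRUSTED_AUTH_HOSTS = {
    "accounts.google.com": "google",
    "www.facebook.com": "facebook",
}

# Hypothetical: which redirect hosts each registered client_id may use.
# In a real check these would come from the app's own registration.
CLIENT_REDIRECT_HOSTS = {
    "example-app-client-id": {"app.example.com"},
}


def check_oauth_url(url: str) -> List[str]:
    """Return a list of problems found; an empty list means the URL passed."""
    problems: List[str] = []
    parsed = urlparse(url)
    params = parse_qs(parsed.query)

    if parsed.scheme != "https":
        problems.append("authorization endpoint is not https")

    # Exact host match: prefix or substring matching would let a
    # look-alike host such as accounts.google.com.attacker.example through.
    if parsed.hostname not in TRUSTED_AUTH_HOSTS:
        problems.append(f"unknown authorization host {parsed.hostname!r}")

    client_id = params.get("client_id", [None])[0]
    redirect_uri = params.get("redirect_uri", [None])[0]
    if client_id is None or redirect_uri is None:
        problems.append("missing client_id or redirect_uri")
        return problems

    allowed = CLIENT_REDIRECT_HOSTS.get(client_id)
    if allowed is None:
        problems.append(f"unregistered client_id {client_id!r}")
        return problems

    # The login result goes wherever redirect_uri points, so it must be
    # a host the app actually registered, over https.
    target = urlparse(redirect_uri)
    if target.scheme != "https":
        problems.append("redirect_uri is not https")
    if target.hostname not in allowed:
        problems.append(
            f"redirect_uri host {target.hostname!r} is not registered for {client_id!r}"
        )

    # Without state the app cannot tie the response back to its own request.
    if "state" not in params:
        problems.append("missing state parameter")
    return problems


# Constructed sample URLs (not captured from any real site).
GOOD_URL = (
    "https://accounts.google.com/o/oauth2/auth?response_type=code"
    "&client_id=example-app-client-id"
    "&redirect_uri=https%3A%2F%2Fapp.example.com%2Fcallback"
    "&scope=email&state=4f3a9c"
)
# Same client_id, but the result is steered to a host the app never registered.
HIJACKED_REDIRECT_URL = (
    "https://accounts.google.com/o/oauth2/auth?response_type=code"
    "&client_id=example-app-client-id"
    "&redirect_uri=https%3A%2F%2Fattacker.example%2Fcallback"
    "&scope=email&state=4f3a9c"
)
# Look-alike authorization host: exact matching rejects it.
LOOKALIKE_HOST_URL = (
    "https://accounts.google.com.attacker.example/o/oauth2/auth?response_type=code"
    "&client_id=example-app-client-id"
    "&redirect_uri=https%3A%2F%2Fapp.example.com%2Fcallback"
    "&scope=email&state=4f3a9c"
)

if __name__ == "__main__":
    for name, url in [
        ("good", GOOD_URL),
        ("hijacked redirect", HIJACKED_REDIRECT_URL),
        ("look-alike host", LOOKALIKE_HOST_URL),
    ]:
        print(name, "->", check_oauth_url(url) or "ok")
```

The design point is that both hostname checks are exact set membership rather than `startswith` or substring tests, and that the redirect allowlist is keyed by `client_id`, since a valid provider host alone says nothing about where the login result will be sent.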

For my part I'm going to continue using it in select places for well-known apps and sites. I'll add it to the ever-increasing pool of things I need to keep a mental list of what's good for, and double-check every occurrence when I have to verify.
