23 Mar
2020
23 Mar
'20
6:08 p.m.
I don't know about Fido, but i've been making that point about Oauth for a very long time. As a browser mechanism which implements a sandbox it's fine. But when you have apps that can reach out of the sandbox it is definitely not fine. Mike On 3/23/20 2:59 PM, Keith Medcalf wrote:
Both Fido and OAuth2 are inherently insecure.
While they may be better than nothing at all, they are only very slightly better than proper password selection and management.