SERIOUS OpenID and OAth2.0 flaw revealed

skull

Okay folks ANOTHER security issue you should be aware of.
A bug has been found in OpenID and OAuth 2.0, two authentication programs that let you log into web sites using your Google, Facebook, and other major accounts. Read here and here too

OAuth—and its alternative OpenID—let you log into sites or apps using your Google, Twitter, Facebook, or other credentials, without having to create yet another account or give the app more permission than necessary. OAuth and OpenID, in essence, authenticate you with the site or tell the site you are who you say you are and let you log in without having to enter a username and password.

For example; logging into LinkedIn you are asked if you’d like to use your Google or Facebook account credentials. Then you enter said credentials (FB or Google) and you can then get on because they then ‘authenticate/use’ your other credentials. You see this all the time on news sites and blogs – if you’d like to comment or post you’re asked for some sort of ‘authentication’ usually Google, Yahoo, Hotmail or Facebook etc..

THAT’S why I live by the mantra – use different credentials (username AND passwords) for EVERY site you login to!! AND NEVER ‘LINK’ ANY ACCOUNTS!
Though this may seem difficult given the amount of our lives that are now ‘online’ it is not that hard if you use an app/service like LastPass or KeePass. I NEVER use any ‘other’ account to login to any services – ever. Every account gets it’s own credentials. That way if one is compromised no other one will be.

Please be safe out there folks!