Showing results for tags 'twitter'.
-
SSO is almost everywhere, and once embedded it is as hard to dig out as a tick. It is a battle I have been fighting for the last year: those in charge want things easy for the employees, and the employees don't want to have to remember lots of passwords. I get it. But I get paid to worry, and what I see is an attacker breaking the SSO password and now having access to all the applications our employees use, many of which have access to both Personally Identifiable Information (PII) as well as health information. So the issue is really simple: the user need only remember one password, and the attacker need only break one password to have the keys to the kingdom.

Social logins are the same way. SSO is simply easier for you, isn't it? But now Facebook has lost 50 mil. tokens that can be used to get into those users' other sites. They can now breach your Twitter account, Facebook account, Google account and what else? If I can now get in your Google account, I can reset things, I can change your telephone number to mine, and have your second authorization come to my phone.

Ask yourself, is my mobile phone number available on my accounts? Ever heard of SIM Switching? I can call a mobile phone host, create an account and say "I want to come to you, please switch my telephone number", and usually with little to no checking of authorization they will activate your number in my new phone. Now I can get access to any account attached to that phone number; I can even empty your bank account.

So what is more important to you? Your security, or your ability to quickly switch between Facebook and Twitter etc. without logging in again?

Experts' View: Avoid Social Networks' Single Sign-On https://www.databreachtoday.com/blogs/experts-view-avoid-social-networks-single-sign-on-p-2670
-
How To Check If Your Twitter Account Has Been Hacked https://thehackernews.com/2018/09/twitter-account-hacked.html
-
Twitter: We Goofed; Change Your Password Now https://www.databreachtoday.com/twitter-we-goofed-change-your-password-now-a-10972
-
Facebook terms and conditions: why you don't own your online life http://www.telegraph.co.uk/technology/social-media/9780565/Facebook-terms-and-conditions-why-you-dont-own-your-online-life.html NOTE: The title is a bit misleading as the article is about many social media and not just Facebook.