all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Secrets vs Keys in OAUTH

Add to bookmarks
Feb. 4, 2024, 6 p.m. | /u/prumf

cybersecurity www.reddit.com

When you create oauth clients, you are provided with a `client_id` and a `client_secret`. They are used to authenticate a client (whether a human or a machine), before you do something important, like sharing resources.

**But isn’t that subpar security ?**

Passkeys are currently the gold standard for websites user authn. They are mathematically secure as long as you don’t fuck-up the implementation.

Why is oauth using the old concept of a username+password for something as crucial as resource access …

authenticate client clients cybersecurity human important isn keys machine oauth passkeys resources secrets security sharing standard websites

Visit resource

More from www.reddit.com / cybersecurity

Around 1000 exploitable cybersecurity vulnerabilities that MITRE & NIST ‘might’ have missed but China or … 6 hours ago | www.reddit.com
china cybersecurity cybersecurity vulnerabilities mitre +3
Does anyone perform model-assisted threat hunting? 9 hours ago | www.reddit.com
advanced analysis capabilities coworkers +12
SEC Adds New Incident Response Rules for Financial Sector 15 hours ago | www.reddit.com
cybersecurity financial financial sector incident +5
Do you automate? 18 hours ago | www.reddit.com
automate automation bash can +15
Is the Microsoft Security Operations Analyst Associate SC-200 Certification Worth Pursuing? 19 hours ago | www.reddit.com
analyst certification certs cybersecurity +12
Picking your sources of IoC 1 day, 10 hours ago | www.reddit.com
can cybersecurity go to investigation +7
Are password requirements useless? 1 day, 10 hours ago | www.reddit.com
bitwarden brute can cybersecurity +13
Upcoming conferences for 2024? 1 day, 11 hours ago | www.reddit.com
conference conferences cybersecurity employer +11
How does a processor execute encrypted binaries. 1 day, 12 hours ago | www.reddit.com
bitcoin bypass cybersecurity defender +15

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Senior - Penetration Tester

@ Deloitte | Madrid, España
View on infosec-jobs.com

Associate Cyber Incident Responder

@ Highmark Health | PA, Working at Home - Pennsylvania
View on infosec-jobs.com

Senior Insider Threat Analyst

@ IT Concepts Inc. | Woodlawn, Maryland, United States
View on infosec-jobs.com