all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Secrets vs Keys in OAUTH

Add to bookmarks
Feb. 4, 2024, 6 p.m. | /u/prumf

cybersecurity www.reddit.com

When you create oauth clients, you are provided with a `client_id` and a `client_secret`. They are used to authenticate a client (whether a human or a machine), before you do something important, like sharing resources.

**But isn’t that subpar security ?**

Passkeys are currently the gold standard for websites user authn. They are mathematically secure as long as you don’t fuck-up the implementation.

Why is oauth using the old concept of a username+password for something as crucial as resource access …

authenticate client clients cybersecurity human important isn keys machine oauth passkeys resources secrets security sharing standard websites

Visit resource

More from www.reddit.com / cybersecurity

How much knowledge do you guys know about the industry that you work in? 6 hours ago | www.reddit.com
banking cybersecurity etc gas +8
Cisco reveals zero-day attacks used by hackers to attack government networks in major threat campaign 7 hours ago | www.reddit.com
attack attacks campaign cisco +7
Any Fortune 100 company go all in on Microsoft E5 Security Suite? 17 hours ago | www.reddit.com
all in cybersecurity defender defenders +12
Blueteam Certification like cybersecurity engineers 19 hours ago | www.reddit.com
architect blueteam certification certifications +12
Fake job interviews target developers with new Python backdoor 22 hours ago | www.reddit.com
backdoor cybersecurity developers fake +7
Passkeys: A Shattered Dream 22 hours ago | www.reddit.com
cybersecurity dream passkeys
Cyberattack Gold: SBOMs Offer an Easy Census of Vulnerable Software 22 hours ago | www.reddit.com
census cyberattack cybersecurity easy +4
Ukraine's military intelligence launches cyberattack against United Russia party 22 hours ago | www.reddit.com
cyberattack cybersecurity intelligence military +4
The XZ Utils Backdoor explained - Columbia University Lecture 1 day ago | www.reddit.com
cybersecurity

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Senior Security Researcher, SIEM

@ Huntress | Remote Canada
View on infosec-jobs.com

Senior Application Security Engineer

@ Revinate | San Francisco Bay Area
View on infosec-jobs.com

Cyber Security Manager

@ American Express Global Business Travel | United States - New York - Virtual Location
View on infosec-jobs.com

Incident Responder Intern

@ Bentley Systems | Remote, PA, US
View on infosec-jobs.com

SC2024-003533 Senior Online Vulnerability Assessment Analyst (CTS) - THU 9 May

@ EMW, Inc. | Mons, Wallonia, Belgium
View on infosec-jobs.com
View more jobs