Gaping hole found in Twitter OAuth authentication process

04 Sep 2010, By Dean Wilson

Twitter recently ditched its Basic authentication method for OAuth authentication, which is intended to be more secure, but Ryan Paul at Ars Technica believes OAuth is inherently flawed and that Twitter has botched its implementation, making it an even greater security threat.

In a strongly worded diatribe Paul said the OAuth standard “has many significant weaknesses and limitations”, calling it “an inelegant hack that lacks maturity and fails to provide clear guidance on many critical issues that are essential to building a robust authentication system.”
