Richard Bucker

Microsoft OAuth Flaw Opens Azure Accounts to Takeover

Posted at — Dec 3, 2019

I have never liked OAuth. Back in the day it was all about single sign-on, but now it’s much worse. It’s about one cred for all services. And that’s its weakness. The more services that you join to the one set of credentials, the more valuable it is to hack your creds. The same can be said of services like 1Password. A compromise there will yield access to multiple people and multiple systems. All of that is why reusing the same password for each service is such a bad thing.