A thing I just saw on the orange site: "WebAuthn seems to be designed by big businesses to take control of the authentication ecosystem."

-
-
Replying to @reaperhulk @tqbf
Why do you find this argument ridiculous? This is what happened with Oauth.
2 replies 0 retweets 1 like -
Replying to @Pinboard @reaperhulk
I’m slow today because flu, but: it looks to me like everyone does OAuth and nobody has trouble implementing it; I think it’s actually TOO EASY to do OAuth.
1 reply 0 retweets 2 likes -
(I spent a fair bit of time this year carefully auditing OAuth implementations that didn’t need to exist)
1 reply 0 retweets 2 likes -
Replying to @tqbf @reaperhulk
My minor point is that monopoly tech companies have been trying to centralize login for a very long time, so it's natural to approach new login methods with skepticism. I don't think WebAuthn is a ruse, but I don't think ridiculing people for deep distrust is warranted, either
3 replies 0 retweets 6 likes -
Replying to @Pinboard @reaperhulk
Your minor point is worthy but mis-targeted, FWIW: _lack_ of standardization of unphishable creds was leading everyone to centralize login on GSuite. I don’t know what the good target is. I’d recommend most clients centralize on GSuite. Everything is bad.
1 reply 0 retweets 5 likes
I never understood the difference between Oauth and phishing, to be honest, other than one was malicious. Certainly not well enough to explain it to people. But my ultimate point is: I hope you feel better!
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.