As identity and access management and single sign-on become more prevalent across government, IT pros should catch up on the differences between different security protocols. In April 2018, the Office ...

Counting Google, Amazon, and Microsoft among its early adopters, the new standard will provide organizations with more visibility and control over external applications. Here's how it works.

Another day, another major internet security flaw (step aside, Heartbleed). A bug has been found in OpenID and OAuth 2.0, two authentication programs that let you log into web sites using your Google, ...

A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed with multiple threat ...

Booking.com, one of the world’s largest online travel agencies, recently patched a vulnerability in its implementation of the OAuth protocol that could have allowed attackers to gain access to ...

The standard grew too far away from its roots as a simple Web authentication technology, author Eran Hammer-Lahav says, and now is insecure and overly broad. Stephen Shankland worked at CNET from 1998 ...

Financially motivated and nation-state threat groups are behind a surge in the use of device code phishing attacks that abuse Microsoft's legitimate OAuth 2.0 device authorization grant flow to trick ...

Researchers have discovered a flaw in Google’s OAuth system that could allow attackers to access potentially sensitive data from former employee accounts at defunct startups. Google’s OAuth is the ...