Aaron Parecki

I'm a big fan of using more secure two-factor authentication methods like a security key or TouchID, but I will admit I never expected charging people to use SMS would be a viable strategy to get them off it 😅 https://blog.twitter.com/en_us/topics/product/2023/an-update-on-two-factor-authentication-using-sms-on-twitter

I've given many talks about how mobile apps can't be deployed with a secret, and using Twitter's 2013 "hacks" as an example. I'm just going to leave this completely unrelated string of random characters here for no particular reason

GgDYlkSvaPxGxC4X8liwpUoqKwwr3lCADbz8A7ADU

PSA: If you use Twitter to sign in to stuff, you should double check you have another way to get in to those accounts asap. With Twitter charging ??? for API access next week, you have no way of knowing whether the apps you use are going to pay that.

I've got an ad spot opening up in the new year on https://oauth.net! This is *the* hub for everything about OAuth online. Text-only ads, and usually has a high clickthrough rate!

Get in touch if you'd like to get your business in front of 150,000 people a month!

Remember folks, "token exchange" does *not* mean "let me exchange a customer ID for a token"!

Good thread on how remotely connected Honda, Nissan, Infiniti, and Acura cars were all able to be remotely controlled knowing only the VIN.

https://twitter.com/samwcyo/status/1597792145691246593

This is your scheduled periodic reminder, for no particular reason, that now is a good time to review the third party OAuth apps that have access to your Twitter account, and remove any that you don't recognize or haven't used in a while.

➡ https://twitter.com/settings/connected_apps

What could possibly go wrong? https://twitter.com/racheltobac/status/1588367452043235328

October is cybersecurity awareness month.

Okta is a cybersecurity company.

...coincidence...?

In just 30 minutes, join me and @vibronet for another OAuth Happy Hour! We'll be catching up on all the latest progress in the world of OAuth and OpenID Connect! Bring your questions or just come to hear about what's new! https://youtu.be/Bg7cr9UTP9Q

I'm working on a new video course, (tentatively) called "Advanced OAuth Security"!

If you'd like to be the first to hear when it goes live, you can sign up for my email list here!

https://oauth2simplified.com

Just published a new version of OAuth 2.0 for Browser-Based Apps!

https://www.ietf.org/archive/id/draft-ietf-oauth-browser-based-apps-11.html

If you have feelings about tokens in browsers, please feel free to chime in on the discussion! You can comment on the mailing list or open issues on the GitHub repo linked from the doc!

Just landed in Seattle and realized even tho I fly thru here all the time I barely actually ever leave the airport!

Super excited to be helping out with this event tomorrow tho! There's still space if you want to join!

https://twitter.com/auth0/status/1560628964254679040