Yes, I know. I was a little concerned myself over the SSO. I, personally have never really been a fan of social media sites, Google, and others using my personal information as a gold mine. Linking queries and connecting all the dots to where, what, why, and how users are on the Internet.
I read that there was study by some researchers at some University in the USA (Indiana University) and as well as the guys at the Microsoft research wherein SSO allowed scammers to log in as somebody else. There have been some incidents of users being able to login as other users right here in these forums. Not to say that our guys in this forum are scammers, but you can see 1st hand the results of the flaws of the new SSO for this forum. But it is not good and I am not really liking it.
Here is a quote from the website that I found earlier on how this scam into another’s web login was done:
In one of the flaws the researchers exposed, for example, not all websites confirmed that a verification coming from OpenID included all of the items the website asked to be confirmed, such as the first name, last name and email address. The researchers were able to access the request, delete one piece of requested information (the email address, for example) as it went to OpenID and simply re-insert it in the signed okay from OpenID. In this way, even a hacker who didn't control the email address linked to the user's account on the website in question could log in, and potentially make purchases, using that person's account
Scares the crap out of me. I am hoping that a patch was at some point in history done to correct this flaw. Link to above quote
All in all, I really don’t like it. Privacy really does not exist any longer and honestly, I wish the SSO for our forum would disapear and go back to the old log in that we had. There was, in my opinion, nothing wrong with it.
Download " antergos-wallpapers-extra " and enjoy community sponsored wallpapers.
Use the "Linux Beginner Search Engine"