NetworkWorld: A number of Web companies, including Facebook and Salesforce.com, rely on the OAuth 2.0 standard to authenticate users. But critics like former OAuth co-creator Eran Hammer-Lahav of Yahoo say the security measure is too easy to crack.
"The OAuth community has made a big mistake about the future direction of the protocol," wrote Hammer-Lahav. "What makes this more frustrating is that the people behind [OAuth 2.0] are some of the brightest security minds on the Web. These guys know exactly what they are doing, and it's not like they don't care. They just gave up and decided that the best they can do is maintain the status quo. They are also representing a large and powerful coalition of big companies too lazy to work a little harder."