> so I can only assume it was a real Facebook oauth flow, another reason why we ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		andybak on Sept 14, 2020 \| parent \| context \| favorite \| on: I lost €4k in a Facebook scam > so I can only assume it was a real Facebook oauth flow, another reason why we should be training users to only do oAuth in a browser with a password manager. It's one last solid line of defence. OAuth in a native app is a security risk.

donmcronald on Sept 14, 2020 [–]

That's not a silver bullet though. If the password manager does a poor job of domain matching, the user gets accustomed to having to manually search for logins once in a while.

andybak on Sept 15, 2020 | [–]

Agreed. Not perfect but much better than nothing.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact