

Protecting Your Company From Phishing Attacks - bradleybuda
http://blog.meldium.com/2013/5/8/protecting-your-company-from-phishing-attacks

======
thirsteh
The analysis is fair, but the conclusion is wrong. Nothing stops a phishing
site from just luring you into granting it a lot of rights via OAuth. And if
your OAuth server doesn't let your users use X or Y service, they will just
sign up for it with a password anyway.

The solution is user education, not federated authentication (whether with
two-factor authentication enabled or not.)

