(no title)
badida
|
13 years ago
Oh wait, I misread your point. Yes, the attacker can log into all Persona web sites if they know your Yahoo password. But that's the way the cookie crumbles with federated identity. It's the same thing if you pick a Yahoo email address as your recovery email. Pick your identity providers wisely!
No comments yet.