Skip to header Skip to Content Skip to Footer

IT Security Update to Open Authorization (OAuth 2.0)

What Is OAuth 2.0?

OAuth 2.0 is an authorization protocol websites or applications use to access information from other apps. If you have used applications, such as Zoom or Adobe, which use your UNCW username & password to log in, then you have utilized OAuth 2.0.

What is Changing? 

Beginning February 28 at 8 a.m., IT Security will block new OAuth 2.0 applications in order to prevent potential cybersecurity risks and incidents. 

  • Current OAuth 2.0 connections will not be affected to ensure university operations continue unimpacted. These include applications such as Zoom, Adobe and many others.
  • UNCW accounts will no longer be capable of connecting to new 3rd party applications via OAuth 2.0.
  • If you believe a work-related exception is necessary for new 3rd party applications, please submit an OAuth Approval Request.   

If you have questions about the difference between current and new OAuth 2.0 applications, please email us at ITSecurity@uncw.edu. We're here to help.

What Are Some Examples of Oauth Risks?

  • If someone gains access to your account, they could use OAuth 2.0 to access all the systems/apps connected to your account.  
  • Malicious apps commonly pretend to be legitimate ones, tricking you into giving them access to your data. 
  • Even trusted apps can cause security problems via OAuth 2.0. Malicious individuals can exploit flaws in their code to manipulate OAuth 2.0 permissions. 

If you have any questions or require further assistance, please contact ITSecurity@uncw.edu.  


top