14 hours ago 📚
1 day ago

The latest update to Windows 11 introduces support for passkeys, which provide phishing-resistant passwordless authentication. #windows11 #passkeys #phishing #passwordless #authentication

3 days ago

Anyone heading to #Oktane next week in San Francisco?

We'd love to connect with more of our Okta and infosec community there!

#okta #conference #cybersecurity #security #authentication

Brian Rinaldi
3 days ago

We're live in 15 minutes with Dev Agrawal who will be showing how sessions can be a powerful tool in authentication and enable security and UX features. #authentication #development #webdev

Nick Taylor
6 days ago

It was tonnes of fun hanging with @devagrawal09 from @clerkdev this week on my Twitch stream! We discussed all things Clerk, authentication, web dev, all the things!

Here's a highlight from the stream. Full recording dropping on YouTube next week!

#authentication #usermanagerment #webdevelopment

6 days ago

Which CA Certificate to use when installing Ubuntu 22.04 from a USB? #networking #2204 #liveusb #authentication #certificates

Andrey Krisanov
6 days ago

#Keycloak provides many advanced features for implementing #authentication. Configuring a custom #LDAP user filter for User Federation to select a subset of user entries in Active Directory is just one of them. It might be quite useful in big organizations. The following post describes my experience:

I'm finally writing an #introduction toot LOL.

I'm "JJGadgets" online, you can call me JJ, everyone does.

My life is #tech, nothing brings me more joy and zen than sitting in front of my screens. Maybe except for Japanese food.

I use and prefer #linux for both server and desktop use, despite its flaws. I live in the #commandline. Been that way since I first jailbroke on iOS 5 and installed MobileTerminal.

I study #infosec but textbooks and lessons don't even come close to doing justice to what #infosec is all about. I like to think that I live and strive to live the infosec life, including my mindset. (After all, that's why @truxnell started calling me the "tinfoil hat sensei" LOL)

I do #Kubernetes @ Home, and maintain my cluster state in #git then apply it with tools like #FluxCD. My #homelab repo can be found at (will always 301 redirect to my latest Git remote of choice, in the event it changes). I think using #GitOps/IaC to declare desired security-related state (policies, rules etc) makes managing security a lot easier.

I try to follow "Principle of Least Privilege" for my homelab, and especially for Kubernetes security, using tools such as network policies (#netpols), policy engines, secrets management, identity management, strong #authentication, and access control. For example, my homelab Kubernetes cluster heavily uses netpols everywhere to default-deny and only allow the necessary network traffic for any given app to work.

I am also very interested in strong authentication methods such as #passwordless #fido2 / #webauthn (#yubikey and #passkeys) and where possible, I only enroll FIDO2 MFA, and choose the passwordless variant if available.

I try my best to use privacy-respecting software where possible, as I believe in maintaining transparency and control over the #privacy of people, regardless of online or offline.

I also believe in #opensource, too many times we've been shown the consequences of relying on closed source software, so where possible I always prefer open source.

Outside of the screen, admittedly I'm terrible at life stuff, and it's very hard for me to be interested in much of anything other than stuff on or related to a screen/device (I basically only talk tech stuff LOL). I'm working on changing that in the event I burnout hard again (though I still haven't found a non-tech interest yet, as of writing). I've burnt out multiple times despite still being a student, and thus I now (try to) take as much necessary measures as I can to avoid over-working, over-stressing or over-exerting myself.

That's about it, let's chat (or toot?)!

Emory L.
1 week ago

hey p.s. #macOS users if you have two #yubikeys (i use many but the #5c or #5cNFC are good options) you can add security keys to your Apple ID for a much better #MFA option. Apple makes you have redundant tokens, and I have to wait until i get back to iowa to set it up for myself but i don't know i missed this.

#infosec #authentication #appleID #iCloud #security

I seem to have locked myself out of my #Yubikey 😩

So now if I want to use it as a #passkey I have to reset all my #2fa seeds.

Back when I first got it I thought I'd use it for #WebAuthN so I bought two but only Google, Amazon, and Microsoft supported that so I only use it for #TOTP really.

Maybe I'll just set up the second one now..

#authentication #tech #security

@hertg my personal opinion is that for an #IdP it should work without JS because you have everything needed server-side AND you have a server.
For client-side-only apps though, that's where JS is allowed (and a must actually)
#javascript #identity #securitykeys #Passkeys #webauthn #iam #idp #openid #authentication #webdev

Michael :donor:
1 week ago

Requiring Javascript for Login Flows

The modern web and all its client-side code makes #javascript pretty much a requirement to surf the internet. Should #identity providers still go the extra step to make login flows work without javascript or is it reasonable to make JS a requirement?

Please comment if you want to add nuance, and thanks for sharing :)

btw. Google and Microsoft require JS for logins while Facebook, Amazon, and Github apparently don't. But JS obviously becomes a requirement once you use #securitykeys / #passkeys / #webauthn.

#iam #idp #openid #authentication #webdev

1 week ago

Okay nerds, it's #selfhosted #authentication #askFedi time.

I'm about to move a few parts of my network off-site. Anyone have any input for getting LDAP-based authentication to work across locations?

Like, LDAP+TLS with mutual certificate authentication is just fine, but I don't like the idea of exposing an LDAP port. Though a firewall rule to only allow the other side's IP to access it would probably be okay.

Given that this side still needs to access some internal services, it also makes sense just to #WireGuard it or something, that gives me everything in a manner that I believe is secure, I've yet to hear of any breaks on its encryption... just that if the remote host is compromised I have quite a wide open attack surface.

Any ideas?

#askFediverse #networking #networkSecurity

Marcin Lis
1 week ago

#Cloudflare’s Dashboard enables users to configure 2-Factor #Authentication using a #Security Key. An issue in the authentication system allowed for the retrieval of #recovery codes (used to regain account access if the security key is lost) after verifying the username and password but before completing the authentication process by touching the Security Key.

Generic white guy SysAdmin
2 weeks ago

And to wrap up the session before lunch, Brian Bockelman gives us a Token Taxonomy, with respect to #HTCondor. I appreciate it because #authentication & #authorization still confuse 😖 the heck out of me.

2 weeks ago

So, is there a way to enable "two factor authentication" on a Linux laptop for facebook, not using a smartphone?

#Question #Facebook #Laptop #Linux #Authentication

2 weeks ago

VPN connection in Ubuntu 22.04 throws "MS-CHAP authentication failed" #server #networkmanager #vpn #authentication #l2tp

Nick Taylor
2 weeks ago

Looking forward to hanging with @devagrawal09 this week on! We're going to discuss Clerk, auth, web dev, all the things!

Come chill with us this Wednesday, September 20th at 5 pm UTC!

Reminder: #authentication #authorization #webdevelopment promo for guest Dev Agrawal
D2I 🕊
2 weeks ago

#Authorizer is an #open-source #authentication and #authorization solution for your applications. Bring your database and have complete control over the user information. You can self-host authorizer instances and connect to any database (Currently supports 11+ databases including Postgres, MySQL, SQLite, SQLServer, YugaByte, MariaDB, PlanetScale, CassandraDB, ScyllaDB, MongoDB, ArangoDB).

#Linux #macOS #windows

2 weeks ago

Build vs. Buy in 2023: Top Considerations for Choosing Identity Management Solution

Choosing between building or buying an identity management solution is not a straightforward decision. In this article, we'll dive into the key considerations that can guide this decision.

#identityandaccessmanagement #authentication #security #buildorbuy

2 weeks ago

Learn what passkeys are all about and their advantages and disadvantages #security #passwords #passkey #authentication #cryptography

Antique black keys hanging from a hook on a wooden surface
3 weeks ago

Random print before login after restarting in Ubuntu from Windows on a dual-boot #2204 #printing #authentication

3 weeks ago

I'm almost afraid of asking this question, but I'll do it anyway.

Why are we still using cookies to store state about for example authentication and session?

I mean, as a user I go through hoops to securely authenticate myself, tokens here and there, hardware fingerprint readers... only to have all of this, reduced to a text file, stored in the clear, in my browser.

It just seems... odd. Oh, BTW, asking for a friend ;-)

#Security #Web #Development #Session #Authentication #Cookies

Stephen Shankland
3 weeks ago

I'm a fan of passkeys for easier, safer authentication. So is password manager Dashlane: "With the rollout of iOS 17, Dashlane will be available as a passkey manager on both mobile and desktop, supporting passkeys across web and on Android and iOS."
#Authentication #passkeys #PasswordManager #Dashlane #iOS17 #iOS

‼️ IS
‼️ A
‼️ DAY
‼️ 0
‼️ !!!

3 weeks ago

802.1x wired authentication: How to make NetworkManager ask for identity every time? #networkmanager #security #authentication

Martin Tilo Schmitz
3 weeks ago

Dear Tech world,
Seamless SSO (Single Sign-On)
#rant #seamless #sso #IT #authentication

Image macro depicting Inicio Montana from Princes bride with the caption "You keep using that word, I do not think that it means what you think it means"
3 weeks ago

4 Okta customers hit by campaign that gave attackers super admin control:

Attackers already had credentials. Now, they just needed to bypass 2FA protections.


#security #2fa #2factorauthetification #authentication #bypass #admintools

Nishant Kaushik
3 weeks ago

Getting rid of 3rd party cookies to avoid tracking: noble idea, but with some really bad side effects (for #authentication).
Replacing it with an API that mines your browser history to create an interests profile for you that any website can query (and put more money into Google's pockets), while using the terms "enhanced" and "#privacy" in the name: sketchy af.

1 month ago

.@jik This is another one of those situations where the best answer is likely that the industry needs to create a better #authentication mechanism. Memorizing a code is terrible #UX from the jump. The fact that it also isn't long enough to foster confidence is just extra.

But it does cause problems. It's the reason why the big platforms need to offer this kind of thing in a way which harms #user #privacy. Since these short codes can't actually be trusted, they want to lock-in #2FA to a user's #phone, situating them with location services, and reducing the likelihood of an impersonation attempt.

As an industry, we can do much better. But of course, #PII is money. This tends to incentivize businesses to only propose #security solutions which don't interfere with consuming user #data.

#cryptography #appsec #infosec

Jonathan Kamens
1 month ago

Attention people building #authentication mechanisms for web sites and apps! Numeric verification codes sent via text or email are not actually a context in which bigger is better! 6 digits is enough. More than 6 is bad #UX, because the average person can remember 6 for long enough to get them from the message to the app, but more than that is hard for many. There's a lot of research on this. Go look it up and stop using codes longer than 6 digits. #infosec #AppDev #WebDev #SecurityEngineering

1 month ago

Fail2ban sshd rule is active but not working! #ssh #authentication #fail2ban

Kingsley Uyi Idehen
1 month ago

What's going on here?

I authenticate using @apple, @linkedin, etc.,
via their respective auth services, but retain control of the post-login identifier.

My Link In Bio style profile doc determines my canonical identity😀

#SSI #SSO #Identity #Authentication #CreatorEconomy #IndieAuth

1 month ago

🎓 #InAcademia, the real-time online student validation service, has continued to grow in 2022!

The service is now operational in 🇳🇱 🇩🇪 🇩🇰 🇪🇸 🇫🇷 🇮🇹 🇸🇪 🇹🇷 🇦🇹 🇮🇸 🇫🇮

Read about #NRENs activities in Trust & Identity (and much more) in the 2022 GÉANT #Compendium of NRENs 👉

More about InAcademia at

@SURF @DFN @nordunet @renater

#TrustAndIdentity #IAM #IdentityAndAccessManagement #eduGAIN #authentication #validation #privacy #students #academia

GÉANT Compendium 2022 of National Research and Education Networks in Europe.

Figure 7.6: Federations Participating in InAcademia.

In orange: Countries where InAcademia is now operational. 
In blue: Countries where NRENs indicated an interest in starting InAcademia operations and are supportive of new use cases
Kingsley Uyi Idehen
1 month ago

Here's a screencast demonstration of Single Sign-On facilitated by loosely-coupling #Identity and #Authentication, courtesy of the #IndieAuth protocol.

#SSI #CreatorEconomy #YouID #VirtuosoRDBMS #SPARQL #Screencast #HowTo

Stephen Shankland
1 month ago

A huge tech player with a bajillion customers just enabled passkey support: Amazon. Here's how to enable them for login that in my experience is fast and easy and, according to a ton of experts I've spoken to, vastly more secure than passwords.

#Security #Authentication #Amazon

1 month ago

Exploring authentik today... I think I'm liking this...

#authentik #authentication #security

Denzil Ferreira 🌳🍄
1 month ago

Been thinking to get a USB fingerprint reader for a mini desktop PC I have running Fedora 38. Any recommendations?

#linux #lfvs #biometric #authentication

I just got #T2 authenticated today.

I've had my share of being impersonated online, so if there is an "official" authentication system available, I take the opportunity (but not Twitter and Meta, they rejected me multiple times).

So, I guess before this week ended, there's something good that happened. It at least lifted my soul.

Here's my profile:

If you want invites, ping me up, I still have a few left.

#T2social #SNS #verified #verification #authentication #authenticated #YourOnlyOne

I just got T2 Authenticated over at

#FIDO2 - the superior Multi Factor #Authentication Framework
(50min) by @cy

Great overview/intro talk about #2FA using #WebAuthN, hardware security tokens, #TOTP and #passkeys.

Furthermore: why FIDO2 does have some advantages compared to passkeys when #security is more important than convenience. Passkeys leaks your private key to the #cloud provider.

#MFA #YubiKey #Solokeys #NitroKey

/cc @frank @keno3003

Linux Magazine
1 month ago

ICYMI: Jesse Hagewood shows you how to integrate Google Authenticator with SSH logins #authentication #SSH #Linux #password #MFA #TOTP

hands of three people sitting at a table working on plans with a ruler, calculator, and pencil with a laptop in the background

Storm-0558 hacks of Microsoft Exchange

In mid-July 2023, Microsoft reported that a Chinese hacking group tracked as '#Storm0558' breached the email accounts of 25 organizations, including US and Western European government agencies, using #forged #authentication #tokens from a stolen Microsoft consumer #signing #key.

Using this stolen key, the Chinese threat actors exploited a zero-day vulnerability in the #GetAccessTokenForResource API function for Outlook Web Access in Exchange Online (#OWA) to forge authorization tokens.

These tokens allowed the threat actors to impersonate Azure accounts and access email accounts for numerous government agencies and organizations to monitor and steal email.

After these attacks, Microsoft faced a lot of criticism for not providing adequate #logging to Microsoft customers for free. Instead, Microsft required customers to purchase additional licenses to obtain logging data that could have helped detect these attacks.

After working with CISA to identify crucial logging data needed to #detect #attacks, Microsoft announced that they now offer it for free to all Microsoft customers.

US cyber safety board to analyze Microsoft Exchange hack of govt emails

The Department of Homeland Security's Cyber Safety Review Board (#CSRB) has announced plans to conduct an in-depth review of #cloud #security practices following recent Chinese #hacks of #Microsoft #Exchange accounts used by US government agencies.

The CSRB is a collaboration of public and private sectors, created to conduct in-depth investigations that offer a better understanding of critical events, discern root causes, and issue informed recommendations on cybersecurity.

In this case, CSRB will explore how the government, industry, and cloud service providers (CSPs) can bolster #identity #management and #authentication in the cloud and develop actionable #cybersecurity recommendations for all stakeholders.

Microsoft Signing Key Stolen by Chinese - Schneier on Security

A bunch of networks, including US Government networks, have been hacked by the Chinese. The hackers used #forged #authentication #tokens to access user email, using a stolen Microsoft Azure account consumer signing key. Congress wants answers.

The phrase “negligent security practices” is being tossed about—and with good reason. Master signing keys are not supposed to be left around, waiting to be stolen.

Actually, two things went badly wrong here. The first is that Azure accepted an #expired #signing #key, implying a vulnerability in whatever is supposed to check key validity.

The second is that this key was supposed to remain in the the system’s #Hardware #Security #Module—and not be in software. This implies a really serious breach of good security practice.

The fact that #Microsoft has not been forthcoming about the details of what happened tell me that the details are really bad

Cloud Authentication Services

There is a sea of Cloud Auth / Identity management providers.

There was a time I used to roll my own, but as security is getting complicated, it seems for startups & small to medium businesses it is better to use a cloud auth provider.

Please share your thoughts on your experience with this as I look into this area.

So far I have come across:

#Auth0 (by Okta)


John Scott-Railton ☕
2 months ago

4/ #Phishing is a numbers game & difficulty + cost of faking a voice, have limited the use certain presumably effective themes (e.g. call from your lawyer or mom).

Those same factors have led to some companies going going hard on "my voice is my password" #authentication.

I'm glad my job doesn't include protecting financial institutions #fintech & consumers from #deepfake speech.

Or handling their #insurance .

Because the next few years are going to be a bloodbath.

#cybersecurity #fraud

Schneier on Security RSS
2 months ago

Microsoft Signing Key Stolen by Chinese

A bunch of networks, including US Government networks, have been hacked by the Chinese. The hackers used forged authentication tokens to access user ema...

#authentication #Uncategorized #cybersecurity #backdoors #Microsoft #hacking #China #keys

Nicolas Fränkel
2 months ago

When exposing an application, consider a an #APIGateway to protect it from attacks. Rate Limiting comes to mind first, but it shouldn’t stop there. We can factor many features in the API Gateway and should be bold in moving them from our apps. In this post, I’ll show how to implement authentication at the Gateway API stage.

#authentication #keycloack #SpringSecurity #SystemArchitecture

Toni Aittoniemi
2 months ago

@arstechnica Letting big tech make all these decisions on their own is pretty risky.

Due to the probably coming assault of intelligent bot-fueled personalised propaganda (probably by December this year), it will become necessary to prove one’s humanness very soon.

But that doesn’t have to be where privacy ends if nation-states step in as the legal providers #human #authentication and guarantee #anonymity at least in from the corporate world.

But they payrolled the politicians.

Chris J. Karr
2 months ago

For Oppenheimer weekend, I broke out a couple of mementos from the two summers that I worked at Los Alamos in a support role for their high performance computing group. (ASCI Blue Mountain was just coming online around that time.)

These are two-factor authentication devices that were required to log in anywhere and are very similar to today's time-based one-time passwords (TOTP) that are in growing use today.

#LANL #LosAlamos #Security #Authentication #TOTP #BlueMountain

CRYPTOcard and SecureID devices from my time at LANL (summers 1998 & 1999).
Stephen Shankland
2 months ago

I predict that passkeys will be a big deal. In my tests using them for Google login, then with CVS just prompting me to migrate to them from password authentication, they were indeed pretty simple to use. 1Password is testing the ability to store passkeys and now the ability to unlock your passkey vault with passkeys. My latest story:
#passkeys #authentication #Security #1Password

Stephen Shankland
2 months ago

70% of Google account users have 2-factor authentication protection now. My predictions: passkey technology will help with this, making MFA easier to accomplish and less vulnerable than login codes via SMS.
#authentication #passkeys #security #Google #MFA

3 months ago

#Development #Launches
Introducing passwordless authentication on · GitHub users can now start securing their accounts with passkeys

#GitHub #PasswordLess #Authentication #Security #WebDevelopment #WebDev #Frontend #Backend #Device #SecurityKeys #PassKeys

When I try to login to using my account it doesn't work if I have the #mastodon #PWA installed 😩

It's probably because the PWA handles urls but doesn't redirect with the query params correctly...

#webDev #auth #authentication #oauth #progressiveWebApps

Stephan Wiefling
3 months ago

My PhD thesis on the usability, security, and privacy of Risk-Based Authentication (RBA) is now published. For free, for everyone, as I believe that publicly funded research should be open to the public.

On 239 pages, you will learn how to strengthen password-based authentication with RBA while being privacy-enhanced and accepted by users.

Thesis PDF:

Defense Slides:

#password #ux #hci #authentication #cybersecurity #privacy #openaccess #phd

Stephan Wiefling

Usability, Security, and Privacy of Risk-Based Authentication

Weaknesses in password-based authentication have always shaken pass- word security, especially with the rise of data breaches. Credential stuffing and password spraying attacks automatically enter leaked login credentials (username and password) on literally all websites worldwide, in the hope that users re-used them. Other attacks involving machine learning can use the login credentials to guess passwords more efficiently. To protect their users against such attacks, and to increase the cost for attackers, popular online services started using risk-based authentication (RBA). This decision was made as more than 90% of their users still refuse to opt for two-factor (2FA) or multi-factor authentication (MFA) schemes. RBA can increase the protection of these users, until more secure authentication methods are in place. RBA is an adaptive approach to strengthen password-based authentication. It monitors a set of features related to the login behavior during the password entry, e.g., IP address and user agent string. When the observed features values significantly differ from those of previous legitimate logins, RBA requests additional information from the user to proof the claimed identity, e.g., verifying the user account’s email address. Government agencies like NIST (USA), NCSC (UK), and ACSC (AU) recommend RBA to protect users against attacks involving stolen passwords. Also a US presidential...
Three softcover books of the dissertation "Usability, Security, and Privacy of Risk-Based Authentication" in front of a building showing the logo of Ruhr University Bochum on a sunny day.
Marco Ivaldi
3 months ago

Pulling SYSTEM out of #Windows GINA — #Authentication #Bypass to SYSTEM shell in #ManageEngine #ADSelfService Plus Windows GINA Client

// by

Pre-auth SYSTEM shell
Michael :donor:
3 months ago

Question about implementation of #Passkeys. As I understand it, having a user login with passkey but without UV (User Verification) is not necessarily MFA as it could just be a stolen security key (Something you have).

How is (or should) #MFA with Passkeys implemented in practice? By setting UV as "required"? Or by setting UV as "preferred" and then based on the user response prompt for another factor (eg. #TOTP) in case there was no UV? I am a bit confused about how to fit Passkeys into the current #authentication logic.

#passwords #fido #fido2 #webauthn #identitymanagement #iam #oauth #openid

Konstantin :C_H:
3 months ago

🚧 Brute-Forcing One-Time Passwords 🚧

My last two threads discussed the probability of brute-forcing OTPs, how to do it effectively and how to defend against attacks.

Here is an overview of the topics covered:

1. Bernoulli Processes 🧮

2. Increasing and Decreasing Probabilities 🤞

Here's everything compiled into a blog post 📰

Do you find my content valuable?

🔔 Follow me for more web security content.

🔁 Also, boost this toot to spread the word!

#Infosec #CyberSecurity #BugBounty #Pentesting #Hacking #Passwords #OTP #Authentication

Stephen Shankland
3 months ago

Just logged into CVS and they prompted me to enroll a passkey. Super easy. 3 steps and I'm done. (For this browser, on this laptop — sync is the next hurdle.)
#passwordless #authentication #passkey

Screenshot of CVS prompt to enroll in passkey authentication — no password required. Step 1 of 3
Screenshot of CVS passkey authentication enrollment. Step 2 of 3
Screenshot of CVS passkey authentication enrollment. Step 3 of 3
3 months ago

OAuth Authentication with Enhance?

Yes, please.

Read @ryanbethel latest post on how to set it up.

#enhance #authentication

Konstantin :C_H:
4 months ago

One-time passwords are often used for authentication.

This thread will show you how likely they are to be guessed.

Part 1: Bernoulli Processes 🧮

#Infosec #CyberSecurity #BugBounty #Pentesting #Passwords #OTP #Authentication

4 months ago

🔒 Verify email and phone for new accounts

Verify a phone number or email address as a method for account recovery.

by @ryanbethel

#enhance #authentication

Stephen Shankland
4 months ago

Bet you a nickel Apple at WWDC will announce some passkey support for accessing its own services, e.g. iCloud
#Passkey #authentication #WWDC #Apple

Stefan Bohacek
4 months ago

Usually I polish my work a bit more before releasing it publicly, but I really wanted to give people interested in making fediverse apps for everyone a bit of a head start.

Here's a very work-in-progress authentication server I use for my fediverse connections data visualization project:

#fediverse #mastodon #calckey #oauth #authentication #nodejs #development

#Mastodon is an #OAuth provider, just like Facebook, Twitter, Google etc. That means a third party site could allow you to "login with mastodon"

Would you feel at all suspicious of a site that asked to do so? Knowing that it would allow said site to post to your mastodon account?

#ActivityPub #WebDev #authentication #auth #fediverse

4 months ago

🔒 Authentication for a Username and Password flow

Continuing our series on authentication. Build a username password authentication flow for an Enhance app.

by @ryanbethel

#enhance #authentication

EINGFOAN :donor:
4 months ago

Newbie question: what is best #mfa #authentication method for #offline networks? I am playing around with a lab environment where I want good mfa inside but don’t want it to connect to the internet. My current point of view is: I can not place #Fido there since it „needs“ internet in many ways.. right? . My current way of thinking is i build a PKI into this network and use it with #yubikey acting as a Smartcard but not #u2f or #fido2 . Am I wrong ? Is there better options?

Stephen Shankland
5 months ago

If passkeys are easy enough to use, will people be less inclined to stay logged in via cookies? (Password managers have shifted me this direction.) Will websites cut down on the "stay logged in" option? Because there's a market for cookie credentials to break into accounts.
#Security #PasswordManager #passkey #login #authentication

5 months ago

#Development #Reviews
Why is OAuth still hard in 2023? · “We implemented OAuth for the 50 most popular APIs. It is still a mess.”

#WebDevelopment #WebDev #Frontend #Backend #API #OAuth #OpenStandard #Authentication #AccessControl

Daniel Fisher (lennybacon)
6 months ago

@Migueldeicaza Here is a new Issue requesting #hardware #SecurityKeys (e.g. #yubikey) for #SSH #authentication in the #LaTerminal #ios #app by #Xibbon.

Give it a vote if you think this is useful!

I decided to implement #WebAuthN to #authenticate on my site.

This is my first time using the navigator.credentials #API. Anyone got any good articles or tips for me?

#webDevelopment #webDev #frontend #credentials #web #browser #auth #authentication #login