Hacker News with Generative AI: Authentication

Major authentication providers still don't support TLS 1.3 (okta.com)
Magic/tragic email links: don't make them the only option (recyclebin.zip)
The term “Magic Links” once meant a futuristic PDA. Nowadays, companies like Auth0 use it to refer to the slightly-magical feat of including a login link in an email.
Magic Links Have Rough Edges, but Passkeys Can Smooth Them Over (rmondello.com)
Independent media venture 404 Media recently published a post titled, “We Don’t Want Your Password”. The piece is a cogent explanation of the problems with password-based accounts online followed by a defense of the website’s login strategy, magic links, in the face of feedback about them being inconvenient and difficult to use.
Ask HN: Google login has circular dependency (ycombinator.com)
I just changed to a new iPhone. After setup, the Gmail app requires me to confirm using two-factor authentication using one of the following methods: 1. Tap Yes on a notification on my iPhone, which I don't receive because I am not logged in to any Google accounts. 2.
A Tour of WebAuthn (imperialviolet.org)
Passwords are rubbish.
CISA: Do not use SMS as a second factor for authentication [pdf] (cisa.gov)
OpenAUTH: Universal, standards-based auth provider (openauth.js.org)
Show HN: Replace CAPTCHAs with WebAuthn passkeys for bot prevention (github.com/singlr-ai)
Replace CAPTCHA with single-use, disposable passkeys. Human-friendly bot prevention without the frustration.
Better Auth – Authentication library for TypeScript (better-auth.com)
The most comprehensive authentication framework for TypeScript.
Improve your app authentication workflow with new Amazon Cognito features (amazon.com)
Introduced 10 years ago, Amazon Cognito is a service that helps you implement customer identity and access management (CIAM) in your web and mobile applications.
Show HN: Better Auth v1.0 is here (better-auth.com)
We are excited to announce the Better Auth V1.0 release.
Refresh vs. Long-lived Access Tokens (2023) (grayduck.mn)
Will passkeys ever replace passwords? Can they? Here's why they should (theregister.com)
Will passkeys ever replace passwords? Can they?
An analysis of the Keycloak authentication system (humanativaspa.it)
Earlier this year, I was working with my colleague Ema on a source-assisted application and architecture assessment for a client who was using Keycloak to implement single sign-on on their applications.
Requesting Spotify access_token's to use their API in seconds (spoken.host)
OpenID Connect specifications published as ISO standards (self-issued.info)
I’m thrilled to report that the OpenID Connect specifications have now been published as ISO/IEC standards.
A simple to use Java 8 JWT Library (github.com/FusionAuth)
FusionAuth JWT is intended to be fast and easy to use. FusionAuth JWT has a single external dependency on Jackson, no Bouncy Castle, Apache Commons or Guava.
Pushed Authorization Requests (PAR) in ASP.NET Core 9 (nestenius.se)
ASP.NET Core 9 introduces support for Pushed Authorization Requests (PAR) in its OpenIdConnect authentication handler. But what exactly is PAR, and why does it matter? In this post, I’ll explain what PAR is, how it works, how to use it with Duende IdentityServer, and when you should consider using it in your applications.
Okta discloses auth bypass bug affecting 52-character usernames (theregister.com)
In potentially bad news for those with long names and/or employers with verbose domain names, Okta spotted a security hole that could have allowed crims to pass Okta AD/LDAP Delegated Authentication (DelAuth) using only a username.
Auth Wiki (auth.wiki)
Explore and find clear definitions of key glossaries related to authentication, authorization, and identity management. Work with open-standards like OpenID Connect, OAuth 2.0, and SAML.
Eartho: Open-Source, Privacy-Focused Alternative to Google Sign-In (github.com/eartho-group)
Eartho is an open-source authentication alternative that prioritizes user privacy.
Comparing Auth from Supabase, Firebase, Auth.js, Ory, Clerk and Others (hyperknot.com)
I’m Zsolt Ero. After reading blog posts all my life, but never writing one, I decided to start writing my thoughts while building. This is my first blog post.
Understanding PAM and Creating a Custom Module in Python – Inside Out Insights (tchncs.de)
In today's interconnected world, user authentication plays a critical role in ensuring the security and integrity of computer systems.
The War on Passwords Is One Step Closer to Being Over (wired.com)
“Passkeys,” the secure authentication mechanism built to replace passwords, are getting more portable and easier for organizations to implement thanks to new initiatives the FIDO Alliance announced on Monday.
New passkey specifications will let users import and export them (9to5mac.com)
Passkeys were introduced two years ago, and they replace traditional passwords with more secure authentication using a security key or biometrics. To make the technology even better, the FIDO Alliance published on Monday new specifications for passkeys, which ensure a way to let users import and export them.
Coming soon: Securely import and export passkeys (1password.com)
Passkeys are superior to passwords in almost every way. They’re simpler to use because there’s nothing to memorize, type out, or paste in. They’re also always strong and come with multi-factor authentication built right in. In short, passkeys are awesome.
FortiLock: The Future of Unhackable Authentication (ycombinator.com)
Hey there, tech enthusiasts and security pros! Ready to explore the future of secure logins? We’re proud to introduce FortiLock, an innovative, next-level authentication system designed to keep your credentials safe even in a world full of threats.
Show HN: An open-source reverse proxy that authenticates users (github.com/stack-auth)
auth-proxy is a simple one-command proxy that authenticates your HTTP requests and redirects to a pre-built sign-in page if a user is not authenticated.
The Copenhagen Book: general guideline on implementing auth in web applications (thecopenhagenbook.com)
The Copenhagen Book provides a general guideline on implementing auth in web applications. It is free, open-source, and community-maintained. It may be opinionated or incomplete at times but we hope this fills a certain void in online resources. We recommend using this alongside the OWASP Cheat Sheet Series.
Ask HN: What type of Auth are you using on your side projects? (ycombinator.com)
I was looking at the Supabase docs and it was nice to see a long list of Auth workflows supported/documented. So my question is, here in October 2024, what are y'all using for Auth on your side projects? Password-based, social, email, something else?