SemanticScuttle - klotz.me

Tags: authentication*

0 bookmark(s) - Sort by: Date ↓ / Title /

1. Okta AD/LDAP Delegated Authentication - Username Above 52 Characters

   A vulnerability in Okta's AD/LDAP DelAuth was identified on October 30, 2024, allowing users to authenticate using only the username if it exceeds 52 characters and a cache key was previously generated. The issue was resolved the same day by switching cryptographic algorithm from bcrypt to PBKDF2.

   2024-11-02 Tags: okta, authentication, security advisory, pbkdf2, bcrypt by klotz
2. Username Over 52 Characters? No Password Required, Says Okta

   Okta has confirmed a security vulnerability where usernames of 52 characters or more allowed account access without a password.

   2024-11-02 Tags: okta, username, security, vulnerability, authentication, password by klotz
3. The War on Passwords Is One Step Closer to Being Over

   The FIDO Alliance's new Passkey standard aims to make password-less authentication a reality, but the real challenge lies in getting users to adopt the technology.

   2024-10-17 Tags: security, password, fido, passkey, authentication, wired, http by klotz
4. Beem Development's Aegis: A Free, Secure, and Open Source 2FA App for Android

   Aegis is a free, open source Android app that securely manages 2-step verification tokens. It supports HOTP and TOTP, is compatible with thousands of services, and offers features like screen capture prevention, biometric unlock, and automatic backups.

   2024-07-05 Tags: authy, authentication, android, 2fa, authenticator, open source, security, hotp, totp by klotz
5. Understanding JWT Authentication: A Comprehensive Guide with Examples

   Learn about JSON Web Tokens (JWT) authentication, its working, components, benefits, and implementation with examples using Node.js and Express. This guide covers the process, key components, and security of JWT.

   2024-06-22 Tags: jwt, authentication, web development, node, react, security by klotz
6. JWTs Aren’t Made for Authorization

   This blog post explains why JWTs (JSON Web Tokens) are not suitable for authorization despite their popularity in authentication scenarios. It discusses the proper use of JWTs for verification, the risks of misusing them for authorization, and alternative solutions.

   2024-06-06 Tags: jwt, authorization, authentication, oauth, role-based access control, attribute-based access control, relationship-based access control by klotz
7. Decoding the JSON Web Token aka JWT

   The article discusses the JSON Web Token (JWT), a self-contained authentication token used for secure communication between server and client. JWT consists of three parts: Header, Payload, and Signature.
   
   The header contains information about the token type and the hashing algorithm used for creating the signature. The payload contains user-specific information, such as issuer, subject, and expiration time, in a JSON object format. The signature is a key or token created by taking the header and payload and appending it with the secret key, which is then hashed using the hashing algorithm provided in the header.

   2024-06-05 Tags: jwt, json web token, authentication by klotz
8. Build Your Own Two-Factor Authenticator With Good USB | Hackaday

   2022-06-18 Tags: arduino, 32u4, authentication, two-factor, usb, hacks, hackaday, firmware by klotz
9. Enhanced SSH and FIDO authentication in Ubuntu 20.04 LTS | Ubuntu

   2020-06-04 Tags: ubuntu, ssh, fido, authentication, yubikey by klotz
10. JWT is Awesome: Here's Why – The HFT Guy

    2020-02-18 Tags: jwt, authentication by klotz

Top of the page

First / Previous / Next / Last / Page 1 of 0