#Authentication

2025-12-12

Introducing Toqen: a privacy-preserving authentication flow based on QR codes and temporary TOTP codes, with no account or password required. The approach minimises data collection and suits SaaS products, courses, and events. TONs? #Authentication #Privacy #SaaS #XácThực #QuyềnRiêngTư #PhầnMềmSaaS

reddit.com/r/SaaS/comments/1pk

2025-12-11

Git token types are not interchangeable. PAT: for personal access. Deploy token: for CI/CD. CI token: for automation. Understand them correctly to avoid system failures. #Git #Authentication #GitTokens #DangNhap #GitToken

reddit.com/r/programming/comme

2025-12-09

MOSS is a signing library for multi-agent systems that makes outputs traceable to their origin via cryptographic IDs. Every agent action is authenticated, tamper-evident, and replay-detectable. It uses ML-DSA-44 and SHA-256 and integrates with CrewAI/LangChain. #AI #BảoMật #MãNguồnMở #MultiAgent #Authentication

Sponsored by: mosscomputing.com 🌐
Other tags: #CôngNghệAI #AnToànThiếtBị #PostQuantum #Audit

reddit.com/r/LocalLLaMA/commen

dmstork (@dmstork)
2025-12-09

NO NO NO! Every benchmark considers SMS & Email OTP as weak. But I would rank Email a bit higher (can have , no SIM swap)

To be clear, even weak MFA is better than none. But this is stupid. Give the user the option for their own OTP/passkey (not possible) 🤦‍♂️

Screenshot of Shell app on iOS. Text black on white background says:
"Turn on Two-Factor Authentication via SMS
When logging in you'll receive your verification code via SMS instead of email.
- Protect yourself in case your email inbox is breached.
- Verification code via SMS is more secure than via email.
- Optimise your account security."

Outpost24 (@Outpost24)
2025-12-09

📣 Outpost24 acquires Infinipoint to power its entry into the Zero Trust Workforce Access market.

“With the strategic addition of Infinipoint’s unique capabilities, we are setting a new benchmark for Zero Trust Workforce Access with a holistic security layer that validates both the person and their device.” — Ido Erlichman, CEO, Outpost24

Read more: outpost24.com/blog/outpost24-a

2025-12-09

Cal.com has patched a critical authentication bypass (CVE-2025-66489) that allowed attackers to submit any non-empty TOTP field and skip password checks. Versions ≤5.9.7 were impacted.

Update to 5.9.8 to ensure both password and TOTP verification are enforced.

How should MFA implementations be validated to prevent logic gaps like this?

Source: gbhackers.com/critical-cal-com

Share your insights and follow us for more security reporting.

#infosec #appsec #CVE2025 #authentication #MFA #ThreatIntel #SecureCoding #SoftwareSecurity #VulnerabilityManagement #SecurityUpdate

Critical Cal.com Flaw Allows Attackers to Bypass Authentication Using Fake TOTP Codes
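As an added, defender-side illustration (this is not Cal.com's code nor its patch), the following Python login check evaluates the password and an RFC 6238 TOTP independently, so a TOTP field that is merely non-empty can never stand in for either factor. The user record, salt and TOTP secret are constructed test values; the secret is the RFC 6238 reference key.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# Constructed demo user record (not a real account): PBKDF2 password hash + base32 TOTP secret.
# The secret is the RFC 6238 test key "12345678901234567890" encoded in base32.
PASSWORD_SALT = b"demo-salt"
USER = {
    "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", PASSWORD_SALT, 100_000),
    "totp_secret": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ",
}


def totp_code(secret_b32: str, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step that contains `now`."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(truncated % (10 ** digits)).zfill(digits)


def password_ok(password: str) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), PASSWORD_SALT, 100_000)
    return hmac.compare_digest(candidate, USER["pw_hash"])


def totp_ok(code: str, now: int, window: int = 1) -> bool:
    # Validate the shape first: the bug class described above lives in code that
    # only tests the field for truthiness. A non-empty string is not a valid code.
    if not (isinstance(code, str) and len(code) == 6 and code.isdigit()):
        return False
    # Accept one step of clock skew either side, comparing in constant time.
    for skew in range(-window, window + 1):
        if hmac.compare_digest(code, totp_code(USER["totp_secret"], now + skew * 30)):
            return True
    return False


def login(password: str, totp: str, now: Optional[int] = None) -> bool:
    """Both factors are checked unconditionally; neither result short-circuits the other."""
    now = int(time.time()) if now is None else now
    pw = password_ok(password)
    otp = totp_ok(totp, now)
    return pw and otp
```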
2025-12-08

A SaaS starter kit (FastAPI) featuring authentication, billing, Celery + Stripe. Clean architecture, production-ready. Feedback welcome! #SaaS #FastAPI #Authentication #XácThực #Billing #Stripe #PhátTriểnWeb

reddit.com/r/SideProject/comme

2025-12-08

🌟 A cybersecurity SaaS founder is looking for an effective authentication solution! Currently evaluating options such as Auth0, Descope (with an impressive set of backers), and other smaller services. For a B2B product aimed at CISOs and security engineers, building authentication in-house is not feasible. Question: which solution do you use, and why?

#SaaS #Authentication #Cybersecurity #KinhNghiemLapTrinh #MastodonTechnology #ViễnThôngViệtNam #StartupVietNam #TechNewsVN

reddit.com/r/SaaS/co

Negative PID Inc. (@negativepid)
2025-12-07

You use SSH for remote authentication. But do you know how it works in the background? For SSH authentication to work, you need a server at the backend. Here is how to execute a complete SSH server installation, start to end.

negativepid.blog/how-to-instal

2025-12-07

Why doesn't my sudoers file let me access? #sudo #authentication #postgresql

askubuntu.com/q/1560579/612

2025-12-04

For the absence of doubt, we've published an Internet Draft calling for a conclusion to the ARC (RFC8617) experiment we developed over 10 years ago, moving what we learned from it into work on the proposed DKIM2 specification.

ietf.org/archive/id/draft-adam

#ietf #email #security #authentication #standards #dmarc #arc #dkim

Erik van Straten (@ErikvanStraten@todon.nl)
2025-12-04

@pake_preacher : I forgot the details of PAKE and SRP, but in the end the most secure client authentication requires:

1️⃣ Strong, long term, human comprehensible, *serving endpoint* authentication;
*AND*
2️⃣ TLS channel binding (enforcing known endpoints).

(Apart from those, both serving endpoint AND client MUST be trustworthy).

🚨 The -corrupt- CA/B forum breaks 1️⃣ by:
a) Advocating anonymous Domain Validated certificates, which render secure account creation IMPOSSIBLE;
b) Continuously decreasing certificate lifetime.

🚨 Furthermore, "legitimate" MitM's * break 2️⃣.

* Man in the Middle, like on-device virus scanners and firewalls that "open" TLS tunnels (both requiring installation of a dedicated root certificate) and proxies such as (definitely not limited to) Cloudflare and Fastly.

😱 Passkeys enforce NEITHER 1️⃣ NOR 2️⃣.

😱😱 Worse, because passkeys (or FIDO2 hardware keys) can be easily irretrievably "lost", servers typically provide WAY EASIER phishable authentication methods (such as "rescue codes").

@cendyne @soatok @chazh

#AitM #MitM #SecureOnlineAuthIsHARD #SecureAuthentication #OnlineAuthentication #Authentication #Impersonation #ChannelBinding #TLSchannelBinding #UTM #TLS #TLSinterception #TLSscanning #Proxy #Proxies #GoogleIsEvil #CloudflareIsEvil

Renewable Sexcellence (@diffrentcolours@tech.lgbt)
2025-12-04

Has anyone done some kind of SSO / SAML auth thing which supports "N of M" type authentication?

Like, I want to log into a shared Fedi account to post something; I log into my SSO provider as usual, and another member of the same group needs to "approve" before I get a login ticket for the target account.

The intended market for this would be organisations who don't want to share a password for an account, or who want some oversight on how it's used.

#SSO #SAML #Authentication

𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕 (@kubikpixel@chaos.social)
2025-12-04

Time to update your React implementation… Now!

»Admins and defenders gird themselves against maximum-severity server vuln:
Open source React executes malicious code with malformed HTML — no authentication needed.«

🪲 arstechnica.com/security/2025/

#javascript #react #coding #html #code #js #authentication #webdev #admin #web #dev #vuln #noauth

𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕 (@kubikpixel@chaos.social)
2025-12-03

Cookies vs. Local Storage: What’s the Difference? When and Where to Use Each?

Cookies are suitable for authentication and session management, while local storage is ideal for storing non-sensitive data on the client side. This detailed guide explains why and when to use each.

🍪 permit.io/blog/cookies-vs-loca

#webdev #cookies #localstorage #guide #web #authentication #blog #guide

Negative PID Inc. (@negativepid)
2025-12-02

Europe has invested heavily in digital citizenship. During the last year, we experienced Quebec's withdrawal from emails and other digital services due to security concerns, and later, we got to experience a full-blown, certificate-based digital identity experience in Spain.

negativepid.blog/online-citize

2025-12-01

Smashing Magazine: The Accessibility Problem With Authentication Methods Like CAPTCHA. “CAPTCHAs were meant to keep bots out, but too often, they lock people with disabilities out, too. From image classification to click-based tests, many ‘human checks’ are anything but inclusive. There’s no universal solution, but understanding real user needs is where accessibility truly starts.”

https://rbfirehose.com/2025/12/01/smashing-magazine-the-accessibility-problem-with-authentication-methods-like-captcha/

2025-11-30

Request to add TOTP 2FA authenticator support in Piefed

piefed.world/post/672373

2025-11-30

Interesting read about #authentication and #authorization in #localfirst #p2p software.

I still have a few more alternatives to review, but the library @localfirst/auth could be a good option.

herbcaudill.com/words/20240602

2025-11-28

Kicking off an open-source authentication library project for learning and community contribution. The goal is a simple authentication library that is easy to integrate into small projects. #XácThực #MãNguồnMở #LậpTrình #CộngĐồng #OpenSource #Authentication #Programming #Community

reddit.com/r/SideProject/comme
