#authentication

2025-12-15

Upcoming Changes to Let’s #Encrypt #Certificates - #API Announcements - #LetsEncrypt Community Support

Let’s Encrypt is introducing several updates to the certificates we issue, including new #rootCertificates, deprecation of #TLS client #authentication, & shortening certificate lifetimes. To help roll out changes gradually, we’re making use of ACME profiles to allow users to have control over when some of these changes take place. For most users, no action required

community.letsencrypt.org/t/up

Tommaso Gagliardoni tomgag@infosec.exchange
2025-12-15

Hey #mastodon this is something to look at! @soatok just announced v0.1.0 of their key transparency specification for the Fediverse!

soatok.blog/2025/12/15/announc

This is an incredibly useful project, something really missing in a robust decentralized architecture.

#fedi #fediverse #crypto #cryptography #authentication #security #federation #digitalsovereignty #digitalselfsovereignty

2025-12-15

Start 2026 with one upgrade that pays off immediately: tighten identity verification across your organization. In this week’s Cyberside Chats: Live, Sherri Davidoff and Matt Durrin break down how AI-driven impersonation is changing the rules and the quick wins security teams should prioritize first.

Two more days to register: lmgsecurity.com/event/cybersid

#CybersideChats #IdentitySecurity #AIThreats #Deepfakes #Authentication #SecurityAwareness #CyberRisk #EnterpriseSecurity

mastodon.raddemo.host admin@mastodon.raddemo.host
2025-12-13

How to Setup SSH Login with Public Key #Authentication (4 Step Quick-Start Guide)

This article describes how to setup SSH login with public key authentication across your servers and clients for secure access.

If you're using SSH to connect to remote servers, public key authentication is a security best practice. Unlike password-based logins, key-based authentication is not vulnerable to brute-force attacks.

Using a key to ...
Continued 👉 blog.radwebhosting.com/how-to- #sshcommands #publickey

2025-12-12

Introducing Toqen: a privacy-preserving authentication flow using QR codes and temporary TOTP, with no account or password required. The solution minimizes data collection and suits SaaS, courses, and events. TONs? #Authentication #Privacy #SaaS #XácThực #QuyềnRiêngTư #PhầnMềmSaaS

reddit.com/r/SaaS/comments/1pk

2025-12-11

Git token types are not interchangeable. PAT: for personal access. Deploy token: for CI/CD. CI token: for automation. Understand them correctly to avoid system errors. #Git #Authentication #GitTokens #DangNhap #GitToken

reddit.com/r/programming/comme

2025-12-09

MOSS is a signing library for multi-agent systems that makes outputs traceable to their origin using cryptographic IDs. Every agent action is authenticated and protected against forgery, with replay detection. Uses ML-DSA-44 and SHA-256, and integrates with CrewAI/LangChain. #AI #BảoMật #MãNguồnMở #MultiAgent #Authentication

Sponsored by: mosscomputing.com 🌐
Other tags: #CôngNghệAI #AnToànThiếtBị #PostQuantum #Audit

reddit.com/r/LocalLLaMA/commen

dmstork dmstork
2025-12-09

NO NO NO, ! Every benchmark considers SMS & Email OTP as weak . But I would rank Email a bit higher (can have , no SIM swap)

To be clear, even weak MFA is better than none. But this is stupid. Give the user the option for their own OTP/passkey (not possible) 🤦‍♂️

Screenshot of Shell app on iOS. Text black on white background says:
"Turn on Two-Factor Authentication via SMS
When logging in you'll receive your verification code via SMS instead of email.
- Protect yourself in case your email inbox is breached.
- Verification code via SMS is more secure than via email.
- Optimise your account security."

Outpost24 Outpost24
2025-12-09

📣 Outpost24 acquires Infinipoint to power its entry into the Zero Trust Workforce Access market.

“With the strategic addition of Infinipoint’s unique capabilities, we are setting a new benchmark for Zero Trust Workforce Access with a holistic security layer that validates both the person and their device.” — Ido Erlichman, CEO, Outpost24

Read more: outpost24.com/blog/outpost24-a

2025-12-09

Cal.com has patched a critical authentication bypass (CVE-2025-66489) that allowed attackers to submit any non-empty TOTP field and skip password checks. Versions ≤5.9.7 were impacted.

Update to 5.9.8 to ensure both password and TOTP verification are enforced.
How should MFA implementations be validated to prevent logic gaps like this?

Source: gbhackers.com/critical-cal-com

Share your insights and follow us for more security reporting.

#infosec #appsec #CVE2025 #authentication #MFA #ThreatIntel #SecureCoding #SoftwareSecurity #VulnerabilityManagement #SecurityUpdate

Critical Cal.com Flaw Allows Attackers to Bypass Authentication Using Fake TOTP Codes

2025-12-08

A SaaS starter kit (FastAPI) featuring authentication, billing, and Celery + Stripe. Clean architecture, production-ready. Feedback welcome! #SaaS #FastAPI #Authentication #XácThực #Billing #Stripe #PhátTriểnWeb

reddit.com/r/SideProject/comme

2025-12-08

🌟 A cybersecurity SaaS founder is looking for an effective authentication solution! Currently considering options such as Auth0, Descope (with an impressive team of backers), and other smaller services. With a B2B product aimed at CISOs and security engineers, building authentication in-house is not feasible. Question: Which solution do you use, and why?

#SaaS #Authentication #Cybersecurity #KinhNghiemLapTrinh #MastodonTechnology #ViễnThôngViệtNam #StartupVietNam #TechNewsVN

reddit.com/r/SaaS/co

Negative PID Inc. negativepid
2025-12-07

You use SSH for remote authentication. But do you know how it works in the background? For SSH authentication to work, you need a server at the backend. Here is how to execute a complete SSH server installation, start to end.

negativepid.blog/how-to-instal

2025-12-07

Why my sudoers file doesn't let me access? #sudo #authentication #postgresql

askubuntu.com/q/1560579/612

2025-12-04

For the absence of doubt, we've published an Internet Draft calling for a conclusion to the ARC (RFC8617) experiment we developed over 10 years ago, moving what we learned from it into work on the proposed DKIM2 specification.

ietf.org/archive/id/draft-adam

#ietf #email #security #authentication #standards #dmarc #arc #dkim

Erik van Straten ErikvanStraten@todon.nl
2025-12-04

@pake_preacher : I forgot the details of PAKE and SRP, but in the end the most secure client authentication requires:

1️⃣ Strong, long term, human comprehensible, *serving endpoint* authentication;
*AND*
2️⃣ TLS channel binding (enforcing known endpoints).

(Apart from those, both serving endpoint AND client MUST be trustworthy).

🚨 The -corrupt- CA/B forum breaks 1️⃣ by:
a) Advocating anonymous Domain Validated certificates, which render secure account creation IMPOSSIBLE;
b) Continuously decreasing certificate lifetime.

🚨 Furthermore, "legitimate" MitM's * break 2️⃣.

* Man in the Middle, like on-device virusscanners and firewalls that "open" TLS tunnels (both requiring installation of a dedicated root certificate) and proxies such as (definitely not limited to) Cloudflare and Fastly.

😱 Passkeys enforce NEITHER 1️⃣ NOR 2️⃣.

😱😱 Worse, because passkeys (or FIDO2 hardware keys) can be easily irretrievably "lost", servers typically provide WAY EASIER phishable authentication methods (such as "rescue codes").

@cendyne @soatok @chazh

#AitM #MitM #SecureOnlineAuthIsHARD #SecureAuthentication #OnlineAuthentication #Authentication #Impersonation #ChannelBinding #TLSchannelBinding #UTM #TLS #TLSinterception #TLSscanning #Proxy #Proxies #GoogleIsEvil #CloudflareIsEvil

Renewable Sexcellence diffrentcolours@tech.lgbt
2025-12-04

Has anyone done some kind of SSO / SAML auth thing which supports "N of M" type authentication?

Like, I want to log into a shared Fedi account to post something; I log into my SSO provider as usual, and another member of the same group needs to "approve" before I get a login ticket for the target account.

The intended market for this would be organisations who don't want to share a password for an account, or who want some oversight on how it's used.

#SSO #SAML #Authentication

𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕 kubikpixel@chaos.social
2025-12-04

Time to update your React implementation… Now!

»Admins and defenders gird themselves against maximum-severity server vuln:
Open source React executes malicious code with malformed HTML — no authentication needed.«

🪲 arstechnica.com/security/2025/

#javascript #react #coding #html #code #js #authentication #webdev #admin #web #dev #vuln #noauth

𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕 kubikpixel@chaos.social
2025-12-03

Cookies vs. Local Storage: What’s the Difference? When and Where to Use Each?

Cookies are suitable for authentication and session management, while local storage is ideal for storing non-sensitive data on the client side. This detailed guide explains why and when to use each.

🍪 permit.io/blog/cookies-vs-loca

#webdev #cookies #localstorage #guide #web #authentication #blog #guide

Negative PID Inc. negativepid
2025-12-02

Europe has invested heavily in digital citizenship. During the last year, we experienced Quebec's withdrawal from emails and other digital services due to security concerns, and later, we got to experience a full-blown, certificate-based digital identity experience in Spain.

negativepid.blog/online-citize
