How to implement constant-time equality checks in ColdFusion to prevent timing attacks on authentication code.
Microsoft Entra ID now supports Passkeys in Registration Campaigns, nudging users towards passwordless authentication.
Guide on identifying third-party apps with poor authentication in Microsoft Entra to prevent supply chain attacks.
Troubleshooting WeeChat using the wrong nickname after SASL authentication on IRC.
Microsoft Entra ID now allows restricting multi-tenant apps to specific authorized tenants, enhancing security for SaaS applications.
Explains how MCP tools in IBM watsonx Orchestrate use OAuth and SSO to act securely on behalf of users, with a code example.
Explains how to combine AWS AgentCore with Agentgateway for secure, identity-aware authentication in AI agent deployments.
A technical guide on implementing Two-Factor Authentication (2FA) using TOTP and QR codes in ASP.NET Core for enhanced security.
A guide to using OpenID Connect and tsidp for centralized authentication in a homelab, replacing passwords for services like Proxmox and Portainer.
A guide to implementing Conditional Access policies for securing Azure Virtual Desktop, covering architecture, policy configuration, and best practices.
Discusses the critical need for secure account recovery workflows when implementing passkeys, highlighting Microsoft Entra's new preview solution.
Troubleshooting guide for fixing the 'browser blocked popup' error when creating a Logic App connection in the Azure Portal.
A practical guide to implementing essential API security best practices in Spring Boot, including HTTPS, JWT authentication, authorization, and rate limiting.
Microsoft fixes Web Account Manager (WAM) authentication issues in Microsoft Graph PowerShell, making it the default login on Windows.
Explores a novel, anonymous web login system using secret keys instead of email or social logins, highlighting its trade-offs.
Microsoft introduces cloud-only Kerberos authentication for Azure Files using Entra ID, eliminating the need for traditional domain controllers.
A developer details a frustrating bug in GitHub's 2FA system that prevents removing SMS authentication without adding an authenticator app first.
ASP.NET Core 10 introduces new OpenTelemetry metrics for Identity, tracking sign-ins, user management, and 2FA events.
ASP.NET Core 10 improves middleware and endpoint routing separation, making authentication and authorization more predictable by handling routing implicitly.
Analyzes the pros and cons of renaming the built-in SQL Server 'sa' account as a security measure against brute-force attacks.
