Keycloak and multi tenancy using single Realm
A technical guide on implementing multi-tenancy in Keycloak using a single realm and client, focusing on user attributes and client scopes.
Microsoft's new number matching MFA feature impacts Remote Desktop Gateway with NPS extension, requiring a registry workaround.
A technical comparison of session-based and token-based authentication methods, with implementation examples and best practices for Node.js.
A technical guide explaining how to implement TOTP-based two-factor authentication, including code examples in Python and Hare.
Discusses security risks in Angular HTTP interceptors, especially when exposing authentication tokens, and provides examples from common implementations.
A technical guide on setting up and using a YubiKey hardware token for GPG encryption and signing, covering key generation and smart card configuration.
A comprehensive guide to implementing OAuth 2.0 authorization with multiple providers (Google, GitHub, Amazon) in a Node.js backend using Passport.js.
Guide on using OIDC authentication with Terraform's AzureRM backend to secure GitHub Actions workflows and manage storage permissions.
A guide on transferring a Google Fi eSIM to a new iPhone, including steps and security considerations for travelers.
A comprehensive guide to all OAuth 2.0 grant types, explaining their flows and use cases for secure application authorization.
A guide to fixing AsyncStorage warnings when using Firebase JS SDK with React Native by properly configuring the auth persistence layer.
A clear, step-by-step guide explaining what CSRF attacks are, how they work, and the prerequisites needed for them to succeed.
A developer shares practical tips and warnings for using YubiKeys for 2FA, SSH authentication, and sudo prompts to enhance security.
Jakarta Security 3's major update introduces OpenID Connect authentication, alongside its core API and underlying SPIs for Jakarta EE.
Explains using an LDAP Proxy with AD LDS to authenticate legacy applications during Active Directory migrations without rewriting them.
Explains two methods to access a cookie's expiration value on the server, which browsers normally don't send.
A guide to implementing efficient authentication state reuse in Playwright end-to-end tests to avoid repeated logins and speed up test suites.
A technical guide explaining how to authenticate and connect to an Azure AD B2C tenant using Azure CLI and PowerShell Az module.
Explains SSH (Secure Shell), its purpose for secure remote computer connections, and how to generate and use SSH keys.
A critical analysis of Plaid's security model, arguing its credential collection widget undermines decades of online banking security best practices.