Best of AuthenticationMarch 2024

  1. 1
    Article
    Avatar of strongdmstrongdm·2y

    13 API Security Best Practices to Know in 2024

    Learn 13 API security best practices to protect your application and user data, including strong authentication mechanisms, least privilege access control, data encryption, rate limiting, and more.

  2. 2
    Article
    Avatar of appwrite_sourceAppwrite·2y

    Rethinking password security: say goodbye to plaintext passwords

    Storing passwords in plaintext poses significant security risks and vulnerabilities. Alternatives to plaintext passwords include password hashing and passwordless authentication. Appwrite provides multiple authentication methods to combat plaintext passwords.

  3. 3
    Article
    Avatar of communityCommunity Picks·2y

    Next.Js authentication using Lucia and MongoDB

    Lucia is a simple and easy-to-use auth library for servers that provides strong database support. It has built-in adapters for various databases and offers full control over user data and session management. This article explains how to set up Lucia with Next.js using MongoDB as the database and provides examples of implementing signup, login, logout, and protected routes.

  4. 4
    Article
    Avatar of phProduct Hunt·2y

    AirBadge - Auth + Payment ready in minutes

    AirBadge is a financial management system designed for early-stage startups. It offers easy authentication and payment integration.

  5. 5
    Article
    Avatar of medium_jsMedium·2y

    JWT, JWS, JWE and how to cook them

    This post explains the concepts of JWT, JWS, and JWE, provides examples of how to implement them in Go using symmetric and asymmetric algorithms, and discusses their use cases in authorization and secure information exchange.

  6. 6
    Article
    Avatar of techworld-with-milanTech World With Milan·2y

    How does Single Sign-On (SSO) work?

    Learn how Single Sign-On (SSO) works, the benefits and disadvantages of using SSO, and different SSO protocols and implementations.

  7. 7
    Article
    Avatar of tilThis is Learning·2y

    TanStack Router: Authenticated routes & Guards

    This article explores how to protect routes in a React application using TanStack Router. It covers defining guards, using data from hooks in the router context, and protecting multiple routes at once.

  8. 8
    Article
    Avatar of infoqInfoQ·2y

    ASP.NET Core Updates in .NET 9 Preview 2: Blazor, OIDC, OAuth and Configuring HTTP.sys

    ASP.NET Core in .NET 9 Preview 2 brings updates including Blazor component constructor injection, WebSocket compression for Blazor interactive server components, customizing OAuth and OIDC authorization parameters, and configuring HTTP.sys extended authentication flags.

  9. 9
    Article
    Avatar of cerbosCerbos·2y

    Guide to Web3 authorization & authentication

    The shift to Web3 involves decentralization and user-centric controls powered by the blockchain. Web3 authentication leverages blockchain technology for secure and user-centric access to DApps. Web3 authorization determines user access through smart contracts and eliminates the need for centralized control. Challenges include scalability, user experience, and private key management.

  10. 10
    Article
    Avatar of strongdmstrongdm·2y

    13 Password Management Best Practices to Know in 2024

    Learn 13 password management best practices to protect your organization's systems and data from password-related attacks.

  11. 11
    Article
    Avatar of cloudflareCloudflare·2y

    Protecting APIs with JWT Validation

    Cloudflare customers can now protect their APIs from broken authentication attacks by validating incoming JSON Web Tokens (JWTs) with API Gateway's JWT Validation. The release addresses feature requests for supporting the Bearer token format, creating multiple JWKS configs, validating JWTs sent in cookies, and excluding managed endpoints in a JWT validation rule. Broken authentication is a major threat in API security, and JWT validation helps enforce a positive security model for authenticated API users. JWTs provide short-lived sessions and enhanced security compared to other authentication methods. API attacks like missing or broken authentication, expired token reuse, and Broken Function Level Authorization attacks can be prevented with proper authentication and authorization. API Gateway's JWT Validation checks JWT signatures, expiration times, and the presence of authentication tokens to protect against these attacks. Cloudflare Access and custom Cloudflare Workers are other options for JWT validation, but API Gateway provides an easier and more manageable experience. Future releases will expand the capabilities of API Gateway, including generating and enforcing authorization policies and enhancing API management with Cloudflare.

  12. 12
    Article
    Avatar of itnextITNEXT·2y

    Mastering Authentication and User Flow in Node.js with Knex and Redis

    Learn how to create a robust authentication solution for Node.js using Knex and Redis. Explore the tools and technologies involved, and understand how to create a router for user flow.

  13. 13
    Article
    Avatar of medium_jsMedium·2y

    The Right Way To Use Riverpod in Flutter

    Learn the right way to use Riverpod in Flutter, including using it as a presenter and avoiding passing excessive data across your app.

  14. 14
    Article
    Avatar of rubylaRUBYLAND·2y

    Secure code review checklist

    A post providing a checklist for secure code review, including static code analysis, test coverage, input validation, dangerous methods, strong parameters, authentication and authorization, data handling, dependencies, business logic, configuration changes, error handling, file uploads, and third-party services.

  15. 15
    Article
    Avatar of oktaOkta Dev·2y

    Add Step-up Authentication Using Angular and NestJS

    This post demonstrates how to add step-up authentication to an Angular frontend and NestJS backend using the OAuth 2.0 Step Up Authentication Challenge Protocol. It covers setting up the authentication configuration, guarding routes with step-up authentication, and protecting API resources with the challenge. The post also mentions the possibility of ensuring authentication recency in step-up authentication.

  16. 16
    Article
    Avatar of appwrite_sourceAppwrite·2y

    The cost of convenience: preventing password sharing

    Password sharing poses significant risks for businesses, including security breaches, data leaks, compliance violations, and loss of intellectual property. To prevent password sharing, businesses can enforce multi-factor authentication, adopt passkeys or passwordless authentication, deploy time-based one-time passwords, enable role or policy-based access control, implement password policies, and promote education and awareness. Technological solutions include authentication systems, passwordless authentication technologies, access management tools, and user and entity behavior analytics. Cultivating a culture of security among developers is also crucial in preventing password sharing.

  17. 17
    Article
    Avatar of javacodegeeksJava Code Geeks·2y

    KeyCloak vs. OAuth 2.0 Authorization

    Comparison of KeyCloak and OAuth 2.0 Authorization for securing web applications.

  18. 18
    Video
    Avatar of codeheimcodeHeim·2y

    #30 Golang - User Authentication with Gin Gonic & GORM - Part 2

    This post discusses the implementation of user authentication with Gin Gonic and GORM in a Golang application. It covers topics like middleware for authorization, handling user session management, and improving app security and user experience.

  19. 19
    Video
    Avatar of codeheimcodeHeim·2y

    #29 Golang - User Authentication with Gin Gonic & GORM - Part 1

    Learn how to set up user authentication in a Gin Gonic application using GORM. Discover the importance of password hashing and how to log out a user.

See all Authentication archives