Best of Authentication: September 2025

  1.
    Article
    ByteByteGo · 32w

    How Grab Built An Authentication System for 180+ Million Users

    Grab transformed their fragmented authentication system serving 180+ million users by adopting OpenID Connect (OIDC) and implementing Dex, an open-source federated identity provider. The solution unified authentication across internal and external applications, replacing multiple custom OAuth implementations with a standardized approach. Key features include token delegation for service-to-service communication, multi-IdP failover for high availability, and single sign-on capabilities. This centralized system improved security, reduced administrative overhead, and provided a consistent user experience across Grab's ecosystem of ride-hailing, payments, and delivery services.

  2.
    Article
    The Hacker News · 30w

    How One Bad Password Ended a 158-Year-Old Business

    KNP Logistics, a 158-year-old UK transport company, was forced into administration after the Akira ransomware group gained access through a weak, easily guessed employee password. The attackers encrypted critical data, destroyed backups, and demanded a £5 million ransom, leading to 700 job losses. The incident highlights how basic security failures can destroy established businesses, with 45% of compromised passwords being crackable within a minute. Strong password policies, multi-factor authentication, zero-trust architecture, and tested backup systems are essential defenses against such attacks.

  3.
    Article
    Cloudflare · 30w

    Every Cloudflare feature, available to everyone

    Cloudflare announces a major shift in its product strategy, making nearly all enterprise-only features available to customers on any plan without requiring sales calls or contracts. The rollout begins with Single Sign-On (SSO) for the dashboard, which is now accessible to all users. This change aims to democratize access to advanced security and performance tools, removing the traditional two-tiered system that restricted powerful features to large organizations. Future product releases will follow this self-service model from launch.

  4.
    Video
    YouTube · 32w

    How to Design APIs Like a Senior Engineer (REST, GraphQL, Auth, Security)

    A comprehensive guide covering advanced API design principles that distinguish senior engineers from junior developers. Explores REST, GraphQL, and gRPC architectures, application protocols (HTTP, WebSockets, AMQP), transport layer protocols (TCP/UDP), and authentication methods including OAuth2 and JWT tokens. Covers practical aspects like resource modeling, status codes, error handling, filtering, pagination, and security best practices for building scalable, maintainable APIs.

  5.
    Video
    As a Programmer · 32w

    Build and Deploy a Realtime Chat App with React, Node.js, Socket.io

    A comprehensive tutorial for building a full-stack real-time chat application featuring user authentication, live messaging, online status indicators, notification sounds, and image uploads. The project covers backend development with Node.js and Express, real-time functionality with Socket.io, MongoDB database integration, JWT authentication, email notifications, and React frontend development. Includes deployment instructions and uses free tools throughout the development process.

  6.
    Article
    Microservices.io · 31w

    Authentication and authorization in a microservice architecture - Part 4 - fetching and replicating authorization data

    Explores two strategies for handling remote authorization data in microservices: fetch and replicate. The fetch strategy involves making HTTP calls or using the Saga pattern to retrieve authorization data from other services, while the replicate strategy uses CQRS to maintain local copies of authorization data synchronized through events. Each approach has trade-offs between simplicity, runtime coupling, and data freshness.

  7.
    Article
    freeCodeCamp · 31w

    Master Authentication and Authorization in ASP.NET

    A comprehensive course covering authentication and authorization in ASP.NET applications. Learn to set up Identity tables with Entity Framework Core, configure JWTs, create authentication controllers, manage user registration and login, handle access and refresh tokens, and implement role-based authorization for secure web applications.

  8.
    Article
    Reinier · 31w

    Next.js 15 AI Image Editor SaaS – Build a Full Stack App with Neon, Polar, Better Auth & ImageKit

    A comprehensive tutorial for building an AI-powered image editing SaaS application using Next.js 15, featuring user authentication, payment processing with credits system, AI image manipulation capabilities (background removal, upscaling, smart cropping), and complete project management. The stack includes Neon PostgreSQL database, Polar for payments, Better Auth for authentication, ImageKit for AI image processing, and Vercel deployment.

  9.
    Video
    Tech With Tim · 32w

    MCP Protocol Tutorial: Build an MCP Server for Your App (Clerk, Next.js, Prisma)

    A comprehensive tutorial demonstrating how to build a full-stack bookmark manager application using Next.js, Clerk for authentication, and Prisma for database management, with a focus on creating an MCP (Model Context Protocol) server that allows AI tools like Cursor to interact with the application's data through proper OAuth authentication flows.

  10.
    Article
    System Design Codex · 32w

    JWT versus PASETO

    JWT and PASETO are both token-based authentication mechanisms for secure client-server communication. JWT is widely adopted but has security pitfalls like algorithm confusion attacks and complex configuration choices. PASETO was designed as a safer alternative with secure defaults, enforced modern cryptography, and simplified specifications to prevent developer errors. While JWT has better ecosystem support and adoption, PASETO offers improved security through its opinionated approach that removes insecure options.

  11.
    Video
    Web Dev Simplified · 31w

    How To Handle Data Access Like a Senior Dev

    Demonstrates how to implement a proper data access layer (DAL) in Next.js applications to centralize database operations, user authentication checks, and error handling. Shows the evolution from naive direct database access in components to a sophisticated system that returns either success or error states, enabling flexible handling of different scenarios like API routes vs page rendering. Covers both basic and advanced DAL patterns with TypeScript for better type safety and maintainability.

  12.
    Article
    ByteByteGo · 29w

    EP182: Cookies vs Sessions

    Explores the fundamental differences between cookies and sessions for user authentication in web applications. Cookies store data directly on the client side and are simpler to implement but less secure, while sessions store data server-side with only a session ID on the client, offering better security at the cost of additional server resources. Also covers access control models (RBAC, ABAC, ACL), machine learning fine-tuning techniques (Full Fine-Tuning, LoRA, RAG), Git reset operations, and Apache Kafka architecture.

  13.
    Article
    InfoSec Write-ups · 32w

    How to Prevent CSRF Attacks in Your Applications

    Explores three major CSRF attack prevention strategies with practical demonstrations: SameSite cookie attributes that control cross-site cookie transmission, synchronizer token patterns that validate server-generated tokens, and double submit patterns that compare tokens from cookies and forms. Each mitigation addresses different core issues - browsers automatically attaching credentials and servers being unable to distinguish request origins. Includes live code examples and explanations of why attackers cannot forge CSRF tokens due to Same-Origin Policy restrictions.

  14.
    Article
    freeCodeCamp · 32w

    How to Use Postman Scripts to Simplify Your API Authentication Process

    Learn how to automate JWT authentication in Postman using scripts to eliminate repetitive token copying and pasting. The guide covers writing JavaScript code in Postman's post-response scripts to automatically capture authentication tokens from API responses, store them in collection variables, and reuse them across multiple requests without manual intervention.

  15.
    Video
    Web Dev Simplified · 29w

    Learn the Authentication Features that No One Else Is Teaching

    A comprehensive tutorial covering advanced authentication features using Better Auth with Next.js. Demonstrates implementation of email/password authentication, OAuth signin, passkey authentication, two-factor authentication with backup codes, session management, user roles and permissions, organization management, and security measures using ArcJet for rate limiting and bot protection. Includes practical examples of form handling with React Hook Form and Zod validation, database integration with Drizzle ORM, and UI components with shadcn/ui.

  16.
    Article
    LogRocket · 29w

    A step-by-step guide to building a full-stack app with TanStack Start

    A comprehensive tutorial demonstrating how to build a full-stack recipe-sharing application using TanStack Start, a new React meta-framework. The guide covers setting up authentication with Better Auth and Google OAuth, database integration with Prisma and PostgreSQL, creating CRUD operations with server functions, building UI components with Shadcn, implementing dynamic routing, and protecting routes with middleware. The tutorial walks through creating pages for listing, adding, editing, and viewing recipes, complete with form handling and user session management.

  17.
    Video
    ByteMonk · 31w

    How Databases Store Passwords Securely

    Password security in databases relies on multiple layers of protection. Hash functions convert passwords into irreversible fingerprints, but hackers can use rainbow tables to crack common passwords. Adding unique salts prevents rainbow table attacks by making identical passwords produce different hashes. Adaptive algorithms like bcrypt, scrypt, and Argon2 slow down brute force attacks by making password hashing computationally expensive. Some companies add peppers (secret values stored separately) for extra protection. Major companies follow OWASP guidelines and are moving toward passwordless authentication using passkeys, which eliminate the need to store password data entirely.