TSM at WorkJun 11
So between the two parallel methods of #authn/#authz for this #kubernetes #cluster, which one is ordinary income tax and which one is Alternative Minimum Tax? Which one punishes you arbitrarily because some #committee couldn't be arsed to ensure that the #solution still applies only to the #problem it was originally meant to address and isn't giving nasty #surprises to unsuspecting people?
zerokMay 11
Great post by Scott Helme about how ReportURI is continuously improving their account/password handling with a focus on info stealer malware: https://scotthelme.co.uk/under-attack-responding-to-the-rise-of-info-stealer-threats/ #security #authn
Under Attack: Responding to the Rise of Info-Stealer Threats

We recently received a claim that Report URI had been breached and that customer credentials had been stolen. The claim was false: we do not store passwords in a recoverable format. But the credentials themselves were real, and that made the situation more interesting. They appeared to come from info-stealer

Scott Helme
Dick ArmoireFeb 25

Dear LazyFedi, I'm looking for a #SaaS solution that acts as a kind of #SSO multiplexer.

I have 4 Microsoft tenancies, and I can map users to tenancies by email address. What I want is something that acts as a single frontend to all of them for #SAML / #OpenID logins.

I need this to set up SSO for some of our other SaaS products which only support one provider.

(NB: this needs to be SaaS, UK/EU based. I'm not able to self host anything in this context)

#Authentication #AuthN

Alejandro BaezFeb 9

So I started to look over again for self hosting #oidc #authn. #pocketid, #voidauth, and #hanko are the simplest. All #passkey focused.

Yet still, Pocket ID is by far the easiest to run. Strictly Unix like focused on doing one thing. But doing one thing really well. 😎

https://pocket-id.org/

Pocket ID | Simple OIDC Provider

A simple and easy-to-use OIDC provider that allows users to authenticate with their passkeys to your services.

Pocket ID
robrichAug 13, 2025
https://dev.to/dotnet/authentication-in-asp-net-core-59k8 - there's nuance in #ASPnet #authN. Thanks for walking through it https://github.com/softchris.
Authentication in ASP .NET Core

How you can authenticate users in .NET Core

DEV Community
Nishant KaushikApr 3, 2025
Default passwords (in this case voicemail PIN) strike again! There are many #AuthN systems around that support sending OTPs by a phone call as an alternative/fallback to SMS (and is an accessibility requirement). Unfortunately, they can't account for this attack vector.
(Oh, and use Signal, not Telegram)
#Identity #Security
https://gbhackers.com/hackers-hijack-telegram-accounts/
Hackers Hijack Telegram Accounts via Default Voicemail Passwords

The Israeli Internet Association has issued a public warning about a surge in cyberattacks targeting Telegram accounts in Israel.

GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Augustine CorreaMar 10, 2025

Excited to be speaking at @fossasia
🚀 This year, I'm diving deep into Identity and Access Management (#IAM) for #OSS.

All are welcome and I encourage all knowledge levels to attend: Don't be intimidated by "advanced security"! I'm breaking down complex concepts into easy-to-understand explanations, with a historical perspective to give context.

1️⃣Explore #AuthN #AuthZ 🔐
2️⃣ @keycloak Primer 🌐
3️⃣Best Practices for #OSS 🛡️

#FOSSAsia2025

iRODSAug 28, 2024

iRODS PAM Interactive Authentication Plugin v0.1.0 is released!

https://irods.org/2024/08/initial-release-of-the-irods-pam-interactive-auth-plugin/

#irods #cpp #authn #pam #openid #kerberos

iRODS

BillJul 16, 2024

Interesting attack method. "They are merging, wonder if they screwed up transfer? Yup."

https://www.theregister.com/2024/07/15/squarespace_fingered_for_dns_hijackings/

#squarespace #dns #authn

Infoseccers claim Squarespace migration linked to DNS hijackings at Web3 firms

Company keeps quiet amid high-profile compromises

The Register
Kyle AndersonApr 27, 2024

“At this point I think that #Passkeys will fail in the hands of the general consumer population. We missed our golden chance to eliminate passwords through a desire to capture markets and promote hype.”

https://fy.blackhats.net.au/blog/2024-04-26-passkeys-a-shattered-dream/

Big sadge 😭

#infosec #authn #webauthn

Passkeys: A Shattered Dream

Firstyear's blog