Plans, Policies, and Procedures: Identification and Authentication
Defines how an organization establishes and verifies a user's identity for access to systems and resources.
https://blackcatwhitehatsecurity.com
#Plans #Policies #Procedures #Identification #Authentication #technology

Just released: #swad v0.3!

https://github.com/Zirias/swad/releases/tag/v0.3

swad is the "Simple Web Authentication Daemon", your tiny, efficient and (almost) dependency-free solution to add #cookie + login #form #authentication to whatever your #reverse #proxy offers. It's written in pure #C, portable across #POSIX platforms. It's designed with #nginx' 'auth_request' in mind; example configurations are included.

This release brings a file-based credential checker in addition to the already existing one using #PAM. Also lots of improvements, see details in the release notes.

I finally added complete build instructions to the README.md:

https://github.com/Zirias/swad

And there's more documentation available: manpages as well as a fully commented example configuration file.

Release swad 0.3 · Zirias/swad

New features: New credential checker "file", using a password file with bcrypt hashes New tool "swadpw", for editing password files Improvements: [Performance] Support epoll, kqueue and poll in ...

GitHub
Could blockchain kill the password? While its decentralized nature offers robust security via crypto keys & self-sovereign IDs, challenges like cost & adoption remain. For now, passwords combined with MFA are likely here to stay. #Blockchain #CyberSecurity #Authentication
Mothers maiden name: 5472615884
First car owned: 3656654851
Favorite color: 2580548933

They get generated and stored in the password manager, for each account as needed.

The advantage of ten digit numbers is that they are easy to communicate to a customer service agent over the phone.

IME, no agent has ever batted an eye. It's not even lying. It's just being clear on the purpose.

@marasawr

#Passwords #SecretQuestions #Authentication #Privacy

Secure a Vue App With OpenID Connect and the BFF Pattern, by @duendesoftware.com:

https://blog.duendesoftware.com/posts/20250409-secure-vue-app-with-openid-connect-bff-pattern/

#vuejs #security #authentication

Duende Software Blog

We help companies using .NET to build identity and access control solutions for modern applications.

How to Set Up SSH Login with Public Key #Authentication (4 Step Quick-Start Guide)

This article describes how to set up SSH login with public key authentication across your servers and clients for secure access.

If you're using SSH to connect to remote servers, public key authentication is a security best practice. Unlike password-based logins, key-based authentication is not vulnerable to brute-force attacks.

Using a key to ...
Continued 👉 https://blog.radwebhosting.com/how-to-setup-ssh-login-with-public-key-authentication/?utm_source=mastodon&utm_medium=social&utm_campaign=ReviveOldPost #publickey #sshcommands


Attacks via a new OAuth flow, authorization code injection, and whether HttpOnly, PKCE and BFF help

In this article we take a detailed look at an interesting attack vector against applications that use OAuth/OIDC, analyse which preconditions it requires, and see that they are not as unattainable as they may seem at first glance. We touch on the use of the Backend-for-Frontend pattern and ways of implementing PKCE for confidential clients, checking along the way whether they help defend against the attack in question. We also look at other existing recommendations and proposed best practices, and consider further protective measures that can actually help. All of this with examples, diagrams and even video. The material will be of interest both to those developing applications and to those representing the attacking side.

https://habr.com/ru/articles/880544/

#аутентификация #authentication #pkce #backendforfrontend #bff #authorization_code_injection #confidential_clients #токен #session_id #httponly


Just released: #swad v0.2

SWAD is the "Simple Web Authentication Daemon", meant to add #cookie #authentication with a simple #login form and configurable credential checker modules to a reverse #proxy that supports delegating authentication to a backend service, like e.g. #nginx' "auth_request". It's a very small piece of software written in pure #C with as few external dependencies as possible. It requires some #POSIX (or "almost POSIX", like #Linux, #FreeBSD, ...) environment, OpenSSL (or LibreSSL) for TLS and zlib for response compression.

Currently, the only credential checker module available offers #PAM authentication, more modules will come in later releases.

swad 0.2 brings a few bugfixes and improvements, especially helping with security by rate-limiting the creation of new sessions as well as failed login attempts. Read details and grab it here:

https://github.com/Zirias/swad/releases/tag/v0.2

Release swad 0.2 · Zirias/swad

New features: Configurable rate-limits for new session creation Configurable rate-limits for failed login attempts (per session, realm and user name) Configurable types of proxy headers (X-Forward...

GitHub

New Open-Source Tool Spotlight 🚨🚨🚨

TinyAuth is a lightweight authentication backend that integrates seamlessly into your project with minimal setup. It supports password hashing (bcrypt, argon2) and JSON Web Tokens (JWT). Perfect for those prioritizing simplicity without sacrificing security. #Authentication #OpenSource

🔗 Project link on #GitHub 👉 https://github.com/steveiliop56/tinyauth

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity


GitHub - steveiliop56/tinyauth: The simplest way to protect your apps with a login screen.


Password auth in Rust, from scratch - Attacks and best practices

https://lpalmieri.com/posts/password-authentication-in-rust/

#rust #rustlang #authentication

Password authentication is seen as the simplest auth method, but there are plenty of pitfalls along the way. We will implement Basic auth from scratch, examining several classes of attacks against our API - and how to counter them.