In the past I've found #problems in #software, problems with #websites, with bureaucratic processes, some of which were significant, but they all pale in comparison to this one.
I recently found: AAD Auth from Canonical/Ubuntu for native AzureAD auth for Ubutnu systems. For the past bit we've mostly been Windows/macOS, and never really entertained linux for business use - mostly because we've never had the tooling for it. We exclusively use Azure AD (no on-prem AD), so in the past when looking the...
Usually I polish my work a bit more before releasing it publicly, but I really wanted to give people interested in making fediverse apps for everyone a bit of a head start.
Here's a very work-in-progress authentication server I use for my fediverse connections data visualization project:
Announcing General Availability of Authenticator Lite (in Outlook)
"Authenticator Lite (in Outlook) expands the opportunity to convert users by bringing the enhanced security of push notifications to devices that have not yet downloaded the Microsoft Authenticator App. "
Here’s how long it takes new #BrutePrint attack to unlock 10 different smartphones
Researchers have devised a low-cost #smartphone attack that cracks the #authentication#fingerprint used to unlock the screen and perform other sensitive actions on a range of #Android devices in as little as 45 minutes. #privacy
Why on earth does the Docker bearer token flow reference oauth so much but then just isn't quite oauth? It even uses a GET request for the token, not POST, which is particularly weird. I'm not much of a fan of oauth but being oauth-esque is a bit annoying! #docker#oauth#authentication#podman
Newbie question: what is best #mfa#authentication method for #offline networks? I am playing around with a lab environment where I want good mfa inside but don’t want it to connect to the internet. My current point of view is: I can not place #Fido there since it „needs“ internet in many ways.. right? . My current way of thinking is i build a PKI into this network and use it with #yubikey acting as a Smartcard but not #u2f or #fido2 . Am I wrong ? Is there better options?
If passkeys are easy enough to use, will people be less inclined to stay logged in via cookies? (Password managers have shifted me this direction.) Will websites cut down on the "stay logged in" option? Because there's a market for cookie credentials to break into accounts. #Security#PasswordManager#passkey#login#authentication
Happy to annouce that I successfully defended my doctoral thesis "Usability, Security, and Privacy of Risk-Based Authentication" at Ruhr University Bochum.
It started in 2017 with a study on RBA use on popular websites. Never thought that this would end in 7 publications, >125 citations, public recognition by people I'm a big fan of, a DAAD RISE Germany scholarship, an internship at Meta, and the Open Data Impact Award 2022.
With Google recently announcing “The beginning of the end of the password” I started thinking about #WordPress and what plugins are available that allow for #passkey support for #authentication. Using only your username you can use the passkey system to use your computer or mobile device to perform the rest of the login sequence.
The latest episode of Under the Radar got me rethinking my approach for accessing the IGDB API.
At the moment I’ve got a proxy server I set up which basically just handles the authentication process between QuestLogger and the API.
This is apparently the way IGDB suggests to access the API through a native app but I’m wondering if it’s feasible to do that on-device without causing issues.
Any #swift devs out there who are knowledgeable about Oauth with thoughts? 🤷♂️
I’ll probably regret asking, but what are people’s preferred #ruby#authentication gems these days?
I’ve used but hated #devise. Have no opinions on #clearance. Really enjoyed #sorcery but it seems like there’s a v1 rewrite happening which I am always suspicious of. I have been reading up on #rodauth but since this is going to be a #rails app I’m hesitant to jam #roda into it. And does the answer change for an api-only app?
The answer is to suck it up and use devise isn’t it?
Ubuntu Azure AD Authentication
I recently found: AAD Auth from Canonical/Ubuntu for native AzureAD auth for Ubutnu systems. For the past bit we've mostly been Windows/macOS, and never really entertained linux for business use - mostly because we've never had the tooling for it. We exclusively use Azure AD (no on-prem AD), so in the past when looking the...