#authn — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #authn, aggregated by home.social.
-
Great post by Scott Helme about how ReportURI is continuously improving their account/password handling with a focus on info stealer malware: https://scotthelme.co.uk/under-attack-responding-to-the-rise-of-info-stealer-threats/ #security #authn
-
Dear LazyFedi, I'm looking for a #SaaS solution that acts as a kind of #SSO multiplexer.
I have 4 Microsoft tenancies, and I can map users to tenancies by email address. What I want is something that acts as a single frontend to all of them for #SAML / #OpenID logins.
I need this to set up SSO for some of our other SaaS products which only support one provider.
(NB: this needs to be SaaS, UK/EU based. I'm not able to self host anything in this context)
-
Excited to be speaking at @fossasia
🚀 This year, I'm diving deep into Identity and Access Management (#IAM) for #OSS. All are welcome and I encourage all knowledge levels to attend: Don't be intimidated by "advanced security"! I'm breaking down complex concepts into easy-to-understand explanations, with a historical perspective to give context.
1️⃣ Explore #AuthN #AuthZ 🔐
2️⃣ @keycloak Primer 🌐
3️⃣ Best Practices for #OSS 🛡️
-
Working on a project with non-InfoSec folks I was reminded that not everyone's gotten the message. All the contributors were accessing the collaboration platform with the admin's credentials ('cause it was easier than creating separate accounts). #sigh
-
@VidmoOreda @nf3xn The scraper would just be grabbing and parsing the html off the page. API interaction isn't scraping and can require authN/authZ or be wide open. If the API doesn't require authN/authZ, then I don't see how any AUP is enforceable. (I still have a way to go on API security. I'm familiar with the use of OAuth tokens for authZ. I think OIDC can be used instead, which I think uses an OAuth token with a "wrapper" to add authN. Reckon JWT is in play for authN/authZ, as well.) #api #authn #authz
-
https://dev.to/dotnet/authentication-in-asp-net-core-59k8 - there's nuance in #ASPnet #authN. Thanks for walking through it https://github.com/softchris.
-
Default passwords (in this case voicemail PIN) strike again! There are many #AuthN systems around that support sending OTPs by a phone call as an alternative/fallback to SMS (and is an accessibility requirement). Unfortunately, they can't account for this attack vector.
(Oh, and use Signal, not Telegram)
#Identity #Security
https://gbhackers.com/hackers-hijack-telegram-accounts/
-
Interesting attack method. "They are merging, wonder if they screwed up transfer? Yup."
https://www.theregister.com/2024/07/15/squarespace_fingered_for_dns_hijackings/
-
“At this point I think that #Passkeys will fail in the hands of the general consumer population. We missed our golden chance to eliminate passwords through a desire to capture markets and promote hype.”
https://fy.blackhats.net.au/blog/2024-04-26-passkeys-a-shattered-dream/
Big sadge 😭
-
maybe i'm getting old, but i feel the recent trend towards #passwordless with #passkeys / #authn might be a bad idea.
passwords (with all their problems) are a low-tech thing. depending on the people having access to a high-end device with their keys seems highly rich-tech-bro-in-the-western-world
-
#TIL that you don’t need an #auth library like #Laravel’s fortify. Just host an AuthN provider and implement #oidc or #ldap.
If you ship a desktop app, you don’t need #AuthN because the user is authenticated through their login into their computer.
If you ship to a business, they will have an LDAP or OIDC server or will host one when needed.
If you ship an app with online account, you can just host #Keycloak or #Authentic or pay #auth0.
More below:
-
As we recap our fantastic #EverythingOpen talks, next up is William Brown @firstyear from @SUSE who walks us through #passkeys for #web #authn, showing us their ambiguities, how they work, what their limitations are, and what we need to be thinking about when we implement them.
Another fabulous talk from William.
-
Hee hee - one of my favorite uses for ChatGPT is asking it to describe topics in the style of a pirate.
"Ye see, as a pirate, the most important thing is to make sure we trust the person we're dealing with. We don't want no scallywags or imposters stealin' our booty or getting the better of us!"
-
Next in our #EverythingOpen Speaker Spotlight series, because we know you're all #nightowls - is @firstyear William Brown, who's presenting:
"Web #authn, #passkeys and you - the future of #authentication"
-
“Remember me” he asks as he checks that little box below the login.
Oh the lies we tell ourselves.