Login/Registration: why not tell users they got their username wrong during login, if registration already hints at username existence?

It’s considered a best practice in security for a login form to provide a vague error message

your username or password is wrong

rather than the more precise:

username does not exist
wrong password

the understandable justification is th… Continue reading Login/Registration: why not tell users they got their username wrong during login, if registration already hints at username existence?

Is using two cookies, one Lax and one Strict, a way to improve usability without compromising security?

My understanding is that

Strict is the best as, assuming you have a recent browser, it completely replaces the need for a CSRF token.
Strict is however a big hit on usability as things like SSO or just having a link in email to go to a log… Continue reading Is using two cookies, one Lax and one Strict, a way to improve usability without compromising security?