Collaborate Disseminate
If a database full of passwords is leaked, a user can just make another password. Today biometric security checks like fingerprint scanners and face recognition are often promoted as good security measures, but let’s say that a database of… Continue reading How is biometric login protected against security leaks?
Let’s assume an API returns sensitive information (e.g. medical or financial) to authenticated users only.
In some circumstances responses may include information the user supplied in the request (e.g. if the user updates some text propert… Continue reading Is an API vulnerable to BREACH if HTTP compression is only enabled for endpoints that are authenticated using bearer tokens?
An employee is exiting your organization. Regardless of the terms of departure, an ex-staffer has the potential when they leave or change roles to impact a wide range of non-human identities, digital credentials, and other secrets. Those secrets includ… Continue reading The NHI management challenge: When employees leave
I’m working on a mobile app where users can only log in using their email address and receive an OTP to verify their identity. I’m trying to figure out the best approach for allowing users to change their email address.
Here are the option… Continue reading How to securely change email address in a Mobile App with Email OTP Based Login
If you run a self-managed GitLab installation with configured SAML-based authentication and you haven’t upgraded it since mid-September, do it now, because security researchers have published an analysis of CVE-2024-45409 and an exploit script th… Continue reading Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409)
As personal data becomes increasingly commodified and centralized, the need for individuals to reclaim control over their identities has never been more urgent. Meanwhile, traditional identity systems used by enterprises often expose sensitive informat… Continue reading The role of self-sovereign identity in enterprises
In this Help Net Security interview, Brian Pontarelli, CEO at FusionAuth, discusses the evolving authentication challenges posed by the rise of hybrid and remote workforces. He advocates for zero trust strategies, including MFA and behavioral biometric… Continue reading How hybrid workforces are reshaping authentication strategies
According to Gartner, the market for cloud computing services is expected to reach $675 billion in 2024. Companies are shifting from testing the waters of cloud computing to making substantive investments in cloud-native IT, and attackers are shifting … Continue reading Three hard truths hindering cloud-native detection and response
Rigid security protocols — such as complex authentication processes and highly restrictive access controls — can frustrate employees, slow productivity and lead to unsafe workarounds, according to Ivanti. Understanding workplace behavior key to strengt… Continue reading 15% of office workers use unsanctioned GenAI tools
In this Help Net Security interview, Omer Cohen, Chief Security Officer at Descope, discusses the impact of identity federation on organizational security and user experience. He explains how this approach streamlines credential management and enhances… Continue reading Reducing credential complexity with identity federation