How hybrid workforces are reshaping authentication strategies

In this Help Net Security interview, Brian Pontarelli, CEO at FusionAuth, discusses the evolving authentication challenges posed by the rise of hybrid and remote workforces. He advocates for zero trust strategies, including MFA and behavioral biometric…

Reducing credential complexity with identity federation

In this Help Net Security interview, Omer Cohen, Chief Security Officer at Descope, discusses the impact of identity federation on organizational security and user experience. He explains how this approach streamlines credential management and enhances…

What are the downsides of matching by email in SSO logins (e.g. Google, Facebook, Apple, Microsoft)?

Context
I’ve read somewhere that one should not match by email (e.g. the email given by the Google JWT token) when using SSO (e.g. OpenID Connect) but it’s not clear to me why.
The recommended approach seems to be using aud and sub claims …

Critical Authentication Flaw Haunts GitHub Enterprise Server

GitHub patches a trio of security defects in the GitHub Enterprise Server product and recommends urgent patching for corporate users.
The post Critical Authentication Flaw Haunts GitHub Enterprise Server appeared first on SecurityWeek.

How passkeys eliminate password management headaches

In this Help Net Security interview, David Cottingham, President at rf IDEAS, discusses the key benefits organizations can expect when implementing passkeys. Cottingham addresses the misconceptions surrounding the adoption of passkeys, particularly in …

What’s the point of users having to authorize their SSH keys and tokens they created themselves when SAML single sign-on is enabled on GitHub?

In GitHub’s Enterprise Cloud docs it says:

To use an SSH key with an organization that uses SAML single sign-on (SSO), you must first authorize the key.

I understand that organization admins could have the power to invalidate individual …