A website asks you to enter a Microsoft/Google/Facebook password. How do you know it is safe?

A website prompts me to log in to my Microsoft Account. In order to perform my task, it requires me to enter that password.
How does the "average user" avoid giving all their login details to a malicious website? What would you…

How hybrid workforces are reshaping authentication strategies

In this Help Net Security interview, Brian Pontarelli, CEO at FusionAuth, discusses the evolving authentication challenges posed by the rise of hybrid and remote workforces. He advocates for zero trust strategies, including MFA and behavioral biometric…

Reducing credential complexity with identity federation

In this Help Net Security interview, Omer Cohen, Chief Security Officer at Descope, discusses the impact of identity federation on organizational security and user experience. He explains how this approach streamlines credential management and enhances…

What are the downsides of matching by email in SSO logins (e.g. Google, Facebook, Apple, Microsoft)?

Context
I’ve read somewhere that one should not match by email (e.g. the email given by the Google JWT token) when using SSO (e.g. OpenID Connect) but it’s not clear to me why.
The recommended approach seems to be using aud and sub claims …

Critical Authentication Flaw Haunts GitHub Enterprise Server

GitHub patches a trio of security defects in the GitHub Enterprise Server product and recommends urgent patching for corporate users.
The post Critical Authentication Flaw Haunts GitHub Enterprise Server appeared first on SecurityWeek.

How passkeys eliminate password management headaches

In this Help Net Security interview, David Cottingham, President at rf IDEAS, discusses the key benefits organizations can expect when implementing passkeys. Cottingham addresses the misconceptions surrounding the adoption of passkeys, particularly in …