Let's learn about Authentication via these 216 free blog posts. They are ordered by HackerNoon reader engagement data. Visit the Learn Repo or LearnRepo.com to find the most read blog posts about any technology.
Authentication is the process of verifying the identity of a user or system attempting to access a resource. It is a critical security measure that ensures only authorized individuals can gain access, protecting sensitive data and systems.
1. Using Session Cookies Vs. JWT for Authentication
HTTP is a stateless protocol and is used to transmit data. It enables the communication between the client side and the server side. It was originally established to build a connection between web browsers and web servers.
2. Using SuperTokens in a VueJS App With Your Own UI
Learn how to build your own login UI with SuperTokens in your VueJS application.
3. You Probably Don't Need OAuth2/OpenID Connect: Here's Why
And the great news is, if the need for OAuth2 and OpenID Connect arises, you can use Ory again to add these on top!
4. OAuth 2.0 for Dummies
OAuth 2.0 is the industry-standard protocol for authorization.
5. Using Devise In Your Ruby on Rails Application [A Step-by-Step Guide]
Authentication. You don’t always want your users to have faceless sessions that open your application without leaving any trace.
6. Creating a Middleware in Golang for JWT based Authentication
Golang has been a popular language over the past few years, known for its simplicity and great out-of-the-box support for building web applications and for concurrency-heavy processing. Similarly, JWT (JSON Web Tokens) are turning into an increasingly popular way of authenticating users. In this post I shall go over how to create an authentication middleware for Golang that can restrict certain parts of your web app to require authentication.
7. How to Authenticate Your Git to GitHub with SSH Keys
Authenticate your local machine's git to GitHub using SSH authentication. You do not need to type your username and password anymore with this easy addition.
8. An Overview of OAuth Fundamentals and Flows
OAuth flows are essentially OAuth-supported methods for verifying permissions and resource owner information.
9. JWT and Azure AD Authentication: How to Marry Them?
The core principles of AD authentication for third-party services with the use of the MSAL Python library and Flask.
10. Authentication and Authorization with bcrypt In Rails
Introduction
11. How to Set Up Firebase Authentication with React
Tutorial on how to add Firebase Email/Password authentication to a React application leveraging React Router.
12. Mastering Authorization and Authentication With Spring Security
Authentication and authorization are two important concepts in security. This post will teach you how to secure your REST API endpoints with Spring Security.
13. Adding Google Sign In On Flutter Web
Add Google Sign-In to your Flutter web app and authenticate users in a single click
14. How I Built a Static Website with User Authentication and Dynamic Database for Free
How I built a functional static web app with user authentication and dynamic database for FREE using Webflow, Vault Vision, Cyclic and Airtable with #LowCode
15. How To Create User Profile Page for E-Commerce Android App
We are going to create an Android UI for the UserProfile backend API we are creating for our demo E-commerce tutorial
16. Building a Simple Session Based Authentication using Ruby on Rails
Building your first authentication system may look intimidating at first. But to be honest, it's really easy. After reading this article, you will know how easy it is to create a session based authentication in rails.
17. One-Time Password Generation Using speakeasy, Nest.js And MongoDB
Here, we have designed and developed a flow for OTP (one-time password) for user registration and also for blocking a user's account after the maximum retries for incorrect OTP is exceeded.
18. Implementing Social Login for a React and Backend App
Implementing Social Login: A Step-by-Step Guide in React with Typescript. How to add Github and Google login for users and taking advantage of the social netwo
19. User Authentication in Android using Firebase (Java)
Firebase is a mobile (Android or iOS) and web application development platform. It provides a suite of cloud-based tools and services offered by Google
20. Why do you need JWT in your ASP.NET Core project?
The story is about how to create a Web API to generate JWT and then use it for authorization in the CRUD Web API.
21. The Simple & Efficient Way to Enable JWT auth in Laravel By Using PHP-JWT Module
I encountered this issue while working on an application for a client recently. Instead of using a JWT library built for Laravel, I used firebase/php-jwt to generate and authenticate users. Don’t ask why as there were many reasons behind this decision. If you are using any Laravel library for JWT like tymondesigns/jwt-auth then you don’t need this anyway, use the library if you want.
22. Poor Man’s Authorization: How to Implement RBAC for REST API with OPA
When it comes to application permissions, two results emerge from this situation:
23. How to Build A Passwordless Authentication with Email and JWT
In this quick article, you'll see how to prevent one of the OWASP Top 10 security issues for websites: authentication that hasn't been implemented correctly.
24. How to Integrate ‘devise’ and ‘omniauth-facebook’ Authentication To Your Rails App
Introduction
25. How to Implement One Tap Google Sign-In With Ruby on Rails
In this blog post, we will discuss how to integrate Google Identity Services into any of your front-end applications.
26. How to Add Authentication to a Full Stack MERN Web Application
This article is part 2 of "Let's build and deploy a full stack MERN web application".
27. Designing Functional Authentication and Authorization Systems
In this article, we are going to talk about a system for performing authentication and authorization securely.
28. How to Secure Your Flask Application with Ory Kratos and Ory Keto
How to secure a flask application using Ory Kratos and Keto to easily add authentication features into your program without needing lines and lines of code.
29. Authentication Middleware in Express Gateway using JWT
I was trying to create my first actual microservice program and very soon I faced an issue: "How many times I should do the authentication?"
30. Build a Login and Logout API using Express.js (Node.js)
Step by step to build Node.js Express Registration, Login, and Logout API using JWT and Cookies - Node.js Express Login API with MongoDB (Mongoose) database.
31. The Authorization Gap No One Wants to Talk About: Why Your API Is Probably Leaking Right Now
Broken Object Level Authorization (BOLA) is eating the API economy from the inside out.
32. Application Authentication: AWS Cognito vs JSON Web Token
Explore the difference between two well-known Auth building methods: AWS Cognito and JSON Web Token. Plus, take a look at the AWS Cognito application process.
33. Basic Elixir Api Guide
Elixir represents a relatively new programming language for a wider audience. It was published back in 2011 and has been in development ever since. Its main trait is that it adopts the functional paradigm, because it is built on top of Erlang and runs on BEAM (Erlang VM).
34. Set up a Flutter app and Implement Google Sign-In Using Firebase
How to set up a Flutter app and implement Google sign-in using Firebase.
35. How to Build a Smooth Authentication Flow System with Firebase
This tutorial involves going through a step-by-step guide on how to set up the Firebase authentication service, and then a walk-through of how to implement it.
36. HMAC and MAC Explained: How To Build Secure Authentication With JWTs
HMACs and MACs are authentication codes and are often the backbone of JWT authentication systems. Let's take a look at how they work!
37. Never Rely on UUID for Authentication: Generation Vulnerabilities and Best Practices
The risks and best practices of using UUIDs for authentication, uncovering vulnerabilities, and secure implementation strategies.
38. Authentication in React with Firebase
Sometimes we want to implement authentication for multiple reasons and we don't want to create an API just for the authentication or maybe we are not backend developers. That's why Firebase provides authentication backend services easy to use. It supports authentication using passwords, phone numbers, popular social networks like Google, Facebook and Twitter, and more.
39. Authentication using the Amazon Cognito to an Angular application
Application example built with Angular 14 with authentication using the Amazon Cognito service.
40. How To Implement Facebook Authentication And Authorization In Server-Side Blazor App
Introduction
41. Using $auth Module’s Redirect in Tandem With $router.push in Nuxt.js
Recently I came across the issue of using the auth module in Nuxt.js and invoking a $router.push in a subsequent line of code in the same method. The conundrum began when the lines after the auth.loginWith method did not execute as intended since the page was redirected to the redirect URI.
42. Goodbye Passwords, Hello Passkeys: The Future of Authentication
Discover how passkeys revolutionize online authentication.
43. Express-js Boilerplate with User Authentication
I couldn’t find a complete user authentication system for Expressjs, so I wrote this one.
44. How to Execute a Scheduled Task in Keycloak on Startup
In this article, we will look at how to execute a scheduled task in Keycloak on startup using a Kafka consumer as an example.
45. Web Auth Standard: Guide to Web Authentication API
Secure context
This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.
46. How to Hide Credentials in Spring Boot
Use env properties in spring boot to add the environment variables.
47. How to Customize Devise Authentication with Active Storage
It is really difficult to imagine an application without a very secure authentication module. They vary from one to another, but almost always have common components, like a form to enter a user name or email, their password, maybe some social media authentication, even biometric inputs.
48. 5 Open Source Alternatives to Auth0 to be Excited About in 2024
5 open source alternatives to Auth0 for robust authentication and user management in 2024.
49. How to Properly Authenticate Your Emails
Learn what email authentication is and how to authenticate your email properly using email authentication protocols such as SPF, DKIM and DMARC.
50. Implement Authentication & Security Using SuperTokens in Your React and HarperDB App

51. Auth0 vs Okta vs Cognito vs SuperTokens Compared (2022)
An in-depth review of Auth0 alternatives for 2022: Auth0 vs Okta vs Cognito vs SuperTokens
52. Security Best Practices for Node.js Apps

Node.js Security Guide
53. Custom Annotation-Based Authorization and Headers Propagation in Spring Boot microservices
Custom annotation-based authorization and headers propagation in Spring Boot
54. How to Implement Authentication in Your BFF Architecture in Minutes
In the web development field, auth (authentication + authorization) plays a vital role in securing user access and protecting sensitive data.
55. Authentication Using the Auth0 to a React Application
Application example built with React with authentication using the Auth0 service.
56. Setting Up Authentication for AWS EKS
Amazon Elastic Kubernetes Service (EKS) is one of the leading managed Kubernetes solutions.
57. How To Create A User Portal On Airtable With Sync Inc And React
In this tutorial, you’ll see how to build a scalable, secure, and flexible client portal on Airtable using Sync Inc, Cotter, and Next.js.
58. So, Like, What is an API Key Really? And How Does it Provide Security?
An API key is a secret code that gets you inside. Yeah it does!
59. The Future of Authentication
Strong authentication's war is fought not in the trenches of password management along with more complex passwords, passphrases, or even better multifactor authentication. Instead, this war must start with fundamental authentication processes as none of the current options will become a long-lasting silver bullet.
60. Using OAuth Authentication to Serve Static Internal Documentation
Let's walk through how to deploy Docusaurus behind an OAuth proxy which will force users to log in with a 3rd party provider before viewing our documentation.
61. Firebase Authentication with Email and Password in Flutter
Make use of Firebase Cloud Functions and Firestore to Authenticate in Flutter. SignInWithEmailAndPassword, HTTP Callables and Trigger, and more.
62. JSON Web Token: How To Secure Your Data With JWT
A JSON Web Token (JWT) is an open standard (RFC 7519) that defines a way for securely transferring information between two parties. It can be used for an authentication system. As this information is digitally signed, it can be verified and trusted.
63. Build DevOps for Secure Auth API Gateway using Nodejs, Aptible Terraform and Redis
Building a secure and scalable API gateway is crucial to modern software development.
64. Adding Auth Flow Using SuperTokens into a React and Hasura GraphQL App

65. Authentication in an Angular Application Using Supabase
Application example built with Angular 14 with authentication using the Supabase service.
66. How SuperTokens' Pre Built UI Can Be Used With VueJS
Protect your VueJS app with SuperTokens by easily adding authentication with pre-built UI and session management to your project right out of the box.
67. How Does HTTP Authentication Work
HTTP provides a general framework for access control and authentication. The most common HTTP authentication is based on the "Basic" schema. This page shows an introduction to the HTTP framework for authentication and shows how to restrict access to your server using the HTTP "Basic" schema.
68. HELP! There’s a JWT in my Metaverse!
Are JWTs really dead, or are they just misunderstood? In this article, Patrick Lee Scott explores the usage of JWTs in a web3 world.
69. Overriding the SuperTokens APIs for Custom Usecases
In this blog we discuss how to customize the auth APIs provided by SuperTokens using its “Override” feature.
70. A Brief History in Authentication
Photo Credits: Edward Tin
71. Connecting an Apigee Edge API Proxy with Auth0 Platform
In this step-by-step tutorial, learn how to use external OAuth for authentication and an access token created by the external system to secure Apigee Edge
72. Why You Should Use IAM Policies to Enforce MFA on AWS
In my past life, I was an auditor and performed hundreds of cybersecurity readiness assessments. These were sometimes called “gap analysis” and the essential purpose of these assessments was to provide organizations with the answers to the test for their upcoming official assessment.
73. Let's Build a Real-Time Collaborative Document Editor Using My Web App Framework of Choice
Learn how to build a secure, real-time collaborative document editor with Next.js, Appwrite, Liveblocks, and Permit.io using ReBAC.
74. Secure Your NestJS App: How to Implement Authentication With Auth0
This guide will walk you through securing your NestJS app using Auth0.
75. How to Implement Multi-Device Authentication System with FastAPI, Redis, and JWT
You know how you can sign in to multiple devices on Google and sign out from one device through another? Well, I tried to implement that using Redis
76. Secure Sessions in JavaScript: Forking Express-Session to Improve Security
If you ever made a webapp in JS, chances are you used Express as a web framework, Passport for user authentication and express-session to keep users logged in. This article focuses on sessions and how we forked express-session to make it more secure.
77. How to Configure Your Preferred User Stores to Authenticate Users using WSO2
WSO2 Identity Server allows keeping multiple user stores for your system to store users and their roles. There should be one primary user store (mandatory) and any number of secondary user stores (optional). When creating a secondary user store we can provide a user store domain name for the secondary user stores. “PRIMARY” is the user store domain of the primary user store.
78. Understanding Authentication: A Guide to Cookie-Based and Session-Based Authentication
Cookies-Based Authentication Vs. Session-Based Authentication: All You Should Know!
79. Authentication using the Auth0 to an Angular application
Application example built with Angular 14 with authentication using the Auth0 service.
80. The Good Things, and the Not So Good Things, About Working With Firebase
Most developers have heard of Google’s product called Firebase. It’s, as Google says, a “mobile platform that helps you quickly develop high-quality apps and grow your business.” It’s basically a set of tools that most developers will need when building an app. In this article I’ll go over these tools, and point out all the things you need to know if you choose to use Firebase.
81. How to Master Authentication and User Flow in Node.js With Knex and Redis
Master Node.js auth with Knex, Redis, and Express. Craft a secure, efficient user flow with ease.
82. Validating a User Phone Number With SMS on Auth0 Using ZENVIA
Application example using Angular where a simple WEB application will be implemented to validate the user phone by SMS in the authentication.
83. Enhancing Password Security and Recovery with Next.js 14 and NextAuth.js
Learn to set up a secure and user-friendly system for password recovery in Next.js, complete with token verification and email notifications.
84. Setting Up NextJS 13 with Auth0 and Sub-Domains: A Guide to Multi-Tenancy Web Apps
Learn how to set up NextJS 13 with Auth0 for a web multi-tenancy app using sub-domains. Overcome issues with callbacks, grant_type, and logout URLs
85. Building a Login Screen With React and Bootstrap
Build an elegant login screen super fast using React and Bootstrap
86. Protecting Your Supabase App With SuperTokens Authentication
Learn reasons why you should choose SuperTokens as your auth provider and why it pairs so well with Supabase in protecting you and your online infrastructure
87. What Makes Zero Trust Better And Different From Traditional Security
Traditional vs zero trust? Learn how zero trust outperforms the traditional model by delivering improved security, flexibility and reduced complexity.
88. How to Manage Permissions in a Langflow Chain for LLM Queries Using Permit.io
This article explores how to implement a permission system in Langflow workflows using Permit.io’s ABAC capabilities.
89. Setting Up Auth0 Authentication with Expo Router: A Complete Guide
90. Hashing, Salting, and Verifying Passwords in NodeJS, Python, Golang, and Java
How to hash and salt passwords in different languages and why it's important to do so
91. What Is a JSON Web Token (JWT)?
JWTs or JSON Web Tokens are most commonly used to identify an authenticated user. They are issued by an authentication server and are consumed by the client-ser
92. Securing Your MCP Server: a Step-by-Step Guide
This guide will walk you through securing a Node.js MCP server from the ground up using JWT.
93. Revoking Access to JWT tokens with a Blacklist/Deny List
Learn how to maintain a JWT blacklist / deny list using an in-memory data cache.
94. Nextjs User Login Authentication in 5 Simple Steps Using Auth0
In this post we are going to discuss, how you can set up a user Login authentication using Auth0 in Next.js projects.
95. Common Attack Vectors that Authentication Services are Faced With
Hacking user accounts on many websites is still easier than it could and should be. This blog post helps you secure your application against identity theft.
96. Authorization With User Roles (RBAC)
Authorization is all about answering the question “Is this user allowed to do a certain operation?”. In this post we go over how you can implement RBAC
97. From Passwords to Passwordless Authentication
Passwordless authentication is gradually replacing the password-based authentication practice. The CIA triad of Cybersecurity is changing rapidly. Learn how.
98. About History and Irony of Logging (in)
The story of event logging begins at sea and is related to navigation. One of the important aspects of navigation is dead reckoning: estimating your current position based on course, speed and time from a known, observed point. At the end of the 15th century, speed at sea was measured with a small wooden log. A so-called ‘Dutchman’s Log’ was dropped overboard from the bow of the ship and the navigator measured the time elapsing before it passed the stern.
99. UMA (User-Managed Access) 2.0: How It Works And What It Can Be Used For
User-Managed Access (UMA) is an OAuth-based access management protocol standard. Introduction to UMA and where it can be used.
100. Session vs JWT Authentication — How They Work, Key Differences, and Real-World Examples
While both achieve the goal of verifying a user’s identity, they work in different ways.
101. No Password is Better than A Strong Password
Passwords have been on the decline for more than a decade. But eventually, we will face a time when it is no longer proof of our digital self.
102. About Kubernetes Authentication
The 3 steps that Kubernetes uses to enforce security access and permissions are: Authentication, Authorization and Admission. In this article we are going to consider Authentication first.
103. Express.js Integration Guide for Passwordless Authentication with DID.app
Just want the code? Find this example on GitHub
104. The History of Biometric Technology: From 1960 - 2020
Modern biometric technology began in the 1960s, evolving into high-tech scanners that read bio-markers with an accuracy touching 100%.
105. Authentication in Web Apps: Connecting Auth0, ASP.NET Core and Nuxt.js
User authentication and authorization can be difficult and time consuming. Getting it wrong can also have disastrous consequences, such as malicious users accessing and stealing personal or sensitive information from your app.
106. .NET Authentication Security Notes
In this article, we discuss how to protect users' authentication and session in .NET, as well as Identity Server configuration.
107. How to Add a Social Login to Your Website with SuperTokens (Custom UI Only)
This tutorial walks you through integrating your frontend with social login APIs provided by SuperTokens.
108. How To Add Authentication To Your Apps and dApps
I co-founded a developer toolkit company with the explicit goal of making decentralized applications easier to use. However, the tools aren't just for decentralized applications. Traditional application developers can make use of SimpleID to add authentication and storage to their app quickly and with zero overhead. Let me show you how easy it is.
109. Digital Signatures in Cryptography: Types, Applications, Process
What is a digital signature? It’s probably not what you think it is… in fact, you’re using several right now…
110. Passwordless vs MFA: The Future of Authentication
A passwordless approach is not the end-all-be-all for data security, but it is the start of establishing a single, strong user identity and trust.
111. How to connect SuperTokens to a MySQL or to a PostgreSQL database
Learn how to connect a self-hosted SuperTokens core to a database with or without Docker
112. Session vs JWT vs OAuth2: The Complete Authentication Strategy
Compare Session, JWT & OAuth2 authentication strategies. Learn when to use each method with architecture diagrams, pros/cons & decision frameworks.
113. An Essential Guide to IAM (Identity Access Management) in 2022
The term IAM is one of the common ones you hear in cloud-native environments. What does such a system do? A fast and pragmatic introduction to IAM
114. How Can You Improve Your Cybersecurity With Continuous Authentication
Standard authentication methods such as multi-factor authentication (MFA) and one-time passwords work as filters at the entrance of the protected perimeter. But what if someone managed to trick these filters or changed the user after their successful login? Cyber attackers may steal credentials of legitimate users and even one-time passcodes using malware and different phishing techniques. In the companies without special employee monitoring software, employees often nonchalantly share their logins and passwords with colleagues. Finally, there’s always a risk of someone getting a hold of a corporate device such as a laptop or smartphone with full access to the corporate network, critical resources, and applications.
115. Deploying SuperTokens with React and NodeJS on Vercel
This tutorial will guide you on how to add SuperTokens to a React and Express app deployed on Vercel
116. Kerberoasting: A Gateway to Privilege Escalation in Enterprise Networks
Hackers in today's digital world are constantly creating innovative ways to access systems and steal data, especially in more interconnected business networks.
117. Implementing Google Authentication and Fetching Mails from Scratch Using Python Django
Google Authentication and Fetching mails from scratch means without using any module which has already set up this authentication process.
118. An In-Depth Comparison of OAuth and JWT (JSON Web Tokens)
Learn about the difference between JWT Token and OAuth
119. The Pain Of Making A Blockchain App From Scratch
So easy, an ape could do it. Thoughts from the lead developer and Top Ape at SnowApe, a Web3 real money gaming project that made a blockchain app from scratch.
120. Understanding Roles-Based Access Control (RBAC)
Learn about RBAC and advantages + disadvantages compared to ABAC.
121. How Face ID and Touch ID Work: A Gentle Introduction to WebAuthn
The Web Authentication API (also known as WebAuthn) is an API that enables strong authentication with public-key cryptography and passwordless authentication.
122. Could a Decentralized Login Have Prevented @Jack's Hack?
A possible solution to single-factor and multi-factor authentication methodologies using decentralized login (DLI).
123. From A to Z: The ABCs of Secure Authentication for Enterprises
Having secure authentication measures in place isn't optional. We cover everything your organization needs to know about secure authentication from A to Z.
124. Authentication: Create a Simple Rick and Morty Wiki Page
Authentication is the most important part of any application. Learn more about it!
125. The Difference Between OAuth 2.0 And Session Management
There seems to be a lot of misinformation on when OAuth 2.0 (henceforth referred to as OAuth) is appropriate for use. A lot of developers confuse OAuth with web session management and hence end up using the wrong protocol / set of technologies. This, in turn, leads to security issues. This article will clarify when to use regular session management solutions and when to use any one of the OAuth flows.
126. The Achilles Heel of Authentication in 2020
I spoke to developers all over the world to find out what are the most pressing authentication pain points in 2020? The results are in.
127. Learnings From The Meow Bot Attack on Our MongoDB Databases
and ever since then we never look at a kitty the same way again. meow!
128. A Practical Guide to Implementing User Authentication using JavaScript and Express
Level up your web development skills: Explore secure user authentication in JavaScript with Express framework.
129. Mutual Human Authorization: A New Standard in Data Privacy
Mutual Human Authorization is a digital communication protocol that SharePass is pioneering to help address persistent data privacy and security gaps.
130. SCIM: A Critical Yet Underappreciated Element in Enterprise IAM
Discover how SCIM improves enterprise IAM complementing SSO for automated authentication and authorization.
131. Authenticate Users Via Face Recognition On Your Website or App
Learn how to authenticate users on a typical website or web application via face recognition instead of the traditional login/password pair.
132. Google's Authenticator App Explained and Reviewed
Such a cool-sounding term, I had to find out its meaning and purpose. So here is the story.
133. A Beginner-Friendly Guide to Phone Authentication With FirebaseUI in React
How to implement phone number authentication in your React app using Firebase and FirebaseUI. This step-by-step guide covers setup, OTP handling, reCAPTCHA, etc
134. Templating in Software Development: Taking a Deeper Look
Explore how templating in software development can streamline your projects.
135. What Developers Mean When They Talk About API
API has become one of those catch-all terms that developers throw around without really considering the context. On any given week, you will come across discussions like "How to use the Twitter API", "New framework X is great because it has a low API surface", and "Best practices for building an API."
136. NFTs for Authorized User Registration - Part 1
How does using an NFT as part of an MFA login work? Here's how.
137. Identity, Authentication, and Authorization: An Extensive Guide to Get You Up to Speed
In this post, we will dive deeper and demystify how apps actually implement authentication. Do it right, and you barely notice it.
138. Passwordless Authentication: Is it Time to Bid Farewell to Passwords?
The digital-first world demands everyone to authenticate themselves before availing of any services online.
139. Random Password Generator Command in Linux we Rarely Use
Password generators are now in abundance. Particularly surprising are the many web applications for this purpose.
140. 6 Login Methods Every Developer Should Know
Confused by cookies, tokens, and API keys? This guide breaks down 6 common authentication methods — Basic Auth, Cookies, Tokens, API Keys, OTP, and SSO!
141. How to Authenticate With OpenID Connect and Apache APISIX
In this post, I want to demo how to use OpenID Connect using Google underneath and then switch to Azure.
142. How to Automate WordPress Workflows Using the REST API
Learn practical WordPress REST API automation patterns for bulk content ops, maintenance, and integrations that save hours every week.
143. AssumeRoleWithWebIdentity WHAT?! Debugging the Github to AWS OIDC InvalidIdentityToken Failure Loop
We encountered the InvalidIdentityToken error with the AssumeRoleWithWebIdentity method - we'll dive into how to fix it.
144. Authentication Tools For Developers: A Comparison
When I first started learning to code, I went through more tutorials than I can count. I built so many todo list apps that I can’t even use a todo list without wondering if someone built it as a tutorial then turned it into a product. I learned CRUD (create, read, update, delete). I learned frameworks (React, Angular, Vue). I learned so much, but in every tutorial, something was missing. Something critical.
145. Unlocking the Magic of Zero-Knowledge-Proofs—Part 2: Artificial Reasoning and Limits of Information
Explore the fusion of cryptography, metaphysics, and human ingenuity in unraveling the mysteries of ZKP.
146. What If Your Unique Typing Style Could Become Your Seamless Password?
Design a keystroke pattern based authenticator using ML methods like CNN/RNN-LSTM with real world examples and code.
147. How to Implement a Forgot Password Flow (With Pseudo Code)
What should happen on the backend when a user forgets their password? Read to find a pseudo code implementation of the simplest way to reset passwords securely.
148. Introduction to IDaaS and its Applications
If you're reading this article, you might be interested to learn how to implement user management for your application, understanding the complete picture of how identity management services work. That's what we'll do in this article. You'll learn what is Identity as a Service (IDaaS), why to use such a service, what is Single Sign-On (SSO), and IDaaS platforms.
149. Authentication Vs. Authorization [Infographic]
In online protection systems, authentication and authorization play an important role. They confirm the user's identity and grant access to your website or application. In order to decide which combination of web tools best fits your security needs, it is important that you notice their differences.
150. Storing Passwords In A Database: A Better Way to Do So
Discover the best practices for securely storing passwords in a database. Explore the risks of plain text storage and the advantages of using hashing functions
151. A Quick Guide to JSON Web Token [JWT]
JSON Web Token (JWT) is an open standard (RFC 7519) for securely transmitting information between parties as JSON objects.
152. Digital Identity Around the World: Why Some Countries are Embracing Self Sovereign Identity Quicker
This article outlines the questions and logistics to consider when countries adopt or adapt new privacy laws and self-sovereign identity.
153. Keycloak Client-Aware Access Control
Keycloak's realm model allows any user in a realm to authenticate to any registered client.
154. Implementing Secure Role-Based Access Control (RBAC) in a Next.js Application Using Permit.io
Learn how to implement secure, scalable Role-Based Access Control (RBAC) in a Next.js app with Permit.io, managing user permissions and enhancing app security.
155. How Zero Trust Vendors are Concealing the Truth About This Robust Mechanism?
With the increasing cybersecurity risks and breaches in the past couple of years, businesses are now moving with a clear vision to incorporate zero-trust architecture into their platforms.
156. SSO Infrastructure Cyber Attacks - Learn How to Detect Early and Mitigate the Risk
With the increasing cybersecurity threats, businesses are now more concerned about cybersecurity hygiene and are swiftly adopting security mechanisms, like single sign-on (SSO).
157. Bolstering Your Business: A Look into Angular's Security Features
This blog post has given you a better understanding of the security landscape of Angular's web applications.
158. Identity Governance: Why Enterprises Don’t Implement It?
Maintaining the digital environment of an enterprise is a complex task and it takes more than technology to make things right. Businesses are in continuous need of regulatory controls like identity governance to maintain their brand value and simultaneously control their resources.
159. Configuring Single Sign-On for Zoom With WSO2 Identity Server
In the wake of remote working, Zoom has become one of the most essential tools for video conferencing. This blog discusses how you can configure single sign-on (SSO) for Zoom with WSO2 Identity Server.
160. NFTs for Authorized User Registration - Part 2
How can NFTs be used as part of an authorized user registration? Here's how.
161. JSON Web Auth Using Angular 8 and NodeJS
The article is about interfacing an Angular 8 Project with a secure backend API. The Backend will be running on Node.JS. The security that will underlay the interfacing will be JSON Web Tokens.
162. The Noonification: Tailwindcss? Ill Pass (8/27/2023)
8/27/2023: Top 5 stories on the Hackernoon homepage!
163. Jwenky: An Express API Server with User Authentication
Jwenky is an API server coded in Express framework.
164. 80% Devices in 2023 Are Already Passkey-Ready: Apple, Microsoft, and Google Pushing It Even Higher
Since the 3 digital leaders, Apple, Google, and Microsoft, are pushing passkeys as the new login standard, the current technical support for passkeys is high
165. JWT vs Sessions Is the Wrong Debate
Every tutorial forces you to pick one, then spends 2000 words explaining why the other one is terrible.
166. 4 Dangers of Sticking with Outdated MFA Methods
Adopting Multifactor Authentication is just the start of securing your digital systems, but outdated MFA methods can still present vulnerabilities if unchecked.
167. The Business Costs of Compromised Passwords
Passwords and Their Ability to Bring Down Even the Largest of Enterprises
168. 16 Best Practices For Securing Your APIs with Apache APISIX - Part 1
Learn how to fortify your APIs with Apache APISIX, implementing top security practices, including authentication, authorization, and rate limiting.
169. What is OAuth (Open Authorization) and Why is it Important?
First of all, we want the users to be authenticated - confirming that the users are who they say they are. Then, authorize them - to enable selective access.
170. The Role of Identity and Access Management in The Security of Your Business
Identity and Access Management (IAM) plays a critical role in safeguarding your digital assets and ensuring secure access for authorized users.
171. An Introduction to Code Signing Architectures and Techniques
In the recent past, many technology firms were targeted by hackers seeking to tamper with and corrupt their source code. These attacks heavily impact brand reputation and also lead to huge losses for the firms victimized. To tackle this scenario, Code Signing techniques can be used to safeguard code integrity and to prove the authenticity of the author to the end-user by providing digital signatures. Code Signing provides secure and trusted distribution of software, preventing tampering, corruption and forgery. Code signing improves end-user confidence in software/code integrity and sender authenticity.
172. Biometrics And The Future Of Tracking
Almost any organization experiences one of the main problems with the personnel policy - personnel discipline. It is particularly relevant for large companies. Here are several unpleasant consequences that this problem leads to. First of all, these are quite tangible hidden costs due to insufficient production of goods and services, foregone turnover, loss of important customers, and other losses from the irrational use of working time by employees. Let's say an employee takes 15-20 extra minutes every day to be late, protract a lunch break, have smoke breaks, go home early, and other things. Shouldn't be too hard to calculate that eventually it all takes an entire working day from one working month. In reality, people spend much more working time on personal needs: up to 35%.
173. How To Improve Your Signup Flows
Login and signup processes are one of the most underrated tasks when building and upgrading a website or platform... or multiple ones. However, in this kind of development task, implications go far beyond asking for an email and a password: security issues, user experience, customer profiling, different tech stacks compatibility and adaptation...
174. Auth in a React App with AWS: How Does It Really Work?
For this Tech Stack in 10, I'm diving into some best practices for using authentication in your full stack application with AWS Cognito, DynamoDB, and AppSync.
175. The ABCs of Identity, Authentication, and Authorization - Part 1
Gain a high-level understanding of the key concepts of identity, authentication, and authorization.
176. Best Practises For Protecting Your Email
Ever get a Microsoft security alert email? One out of every 412 emails contains a malware attack. It doesn’t matter if you’re just a person sitting comfortably at home or a dedicated worker pushing one email after the other with short breaks of sweet old coffee. Every one of us is susceptible to these attacks and in a slightly twisted way we should all expect them. They could come in all shapes or sizes, and if you don’t want to lose a speech for your “Dyno week” conference that you spent 100 hours writing, maybe you shouldn’t let your friend open an email link with the subject line “Nude pictures of Anna Kournikova.”
177. Introduction to Cryptography: Vigenère Cipher [Part 2]
Hi again and welcome back to part 2 of the basic cryptography. Previously we discussed what cryptography is and how fundamental and ancient a problem it is in communication science. We talked about Caesar's cipher and how easy it is to break. We also talked about the Substitution Cipher, which was a slight improvement on Caesar's cipher but can easily be cracked using the frequency analysis technique.
178. Unveiling the Intricacies of Zero-Knowledge Proofs and Their Varied Implementations
Zero-knowledge proofs' guardians surround a central lock, symbolizing digital privacy. A visual metaphor for privacy in the digital age.
179. 16 Best Practices For Securing Your APIs with Apache APISIX - Part 2
Learn 16 advanced tips to keep your APIs safe with Apache APISIX.
180. Agents Can Pay and Talk—So Why Can’t They Register?
AgentDoor is drop-in middleware that lets AI agents register, authenticate, and pay for your API. No browser, no forms, no CAPTCHA. Under 500ms onboarding.
181. Biometric Authentication - Working, Methods, and Use Cases
Biometrics is a scientific term for the physical or behavioral characteristics of humans. Biometric authentication is biometrically enabled data protection.
182. Machine Identities in Small Businesses: The Key to Security and Efficiency
Learn how small businesses can safeguard their digital assets by effectively managing machine identities amidst evolving cybersecurity challenges.
183. MFA Vs. 2FA: Which Is Better And More Secure
Your 8-character password with numbers, symbols, lowercase, uppercase, and special letters is not enough to shoo away hackers! What to do then? Find out here.
184. Your React App Wants Web3Auth—Here’s How to Make It Happen
Integrate Apple Login with Web3Auth Nomodal in a c. Learn authentication, smart contract deployment, and wallet interactions in Web3.
185. The HackerNoon Podcast: Let's Talk About Sec, Baby
Amy Tom talks to Jeff Morris, VP of Product & Solutions Marketing at Couchbase, and Mike Schwartz, Founder & CEO of Gluu on The HackerNoon Podcast
186. A React HOC for AWS Cognito to Simplify User Authentication
TL;DR: AWS Cognito offers robust handling of user Authentication flows, including via Social Providers such as Google and Facebook. Here we describe a Higher Order Component for your ReactJS Web App, and how to configure Cognito.
187. How To Protect Your Online Applications From Pass-the-Cookie Cyber Attacks
How to strengthen your online apps against cloud service attacks such as ‘pass-the-cookie’ attacks.
188. System Architecture: Moving Authentication to the API Gateway
When exposing an application to the outside world, consider a Reverse-Proxy or an API Gateway to protect it from attacks.
189. Support Zero Trust With Strong Authentication Practices
Zero trust is based on three main principles: authentication, authorization, and continuous validation. Here's how to strengthen your authentication practices.
190. How to Streamline your Login Experience via Passwordless SSO
Using YooniK technology to create a passwordless single sign-on experience using the OpenID Connect protocol.
191. Ensuring Security: A Guide for Web and Mobile Application Development
Authentication and authorization for modern web and mobile applications are a key part of most development cycles. This story outlines some considerations.
192. How Big Tech is Working Towards a Password-Free Future
A 2019 study conducted by HYPR showed that 78% of people forgot their passwords and required a reset within the last 90 days. Passwords aren’t just difficult to manage, they are inconvenient, insecure, and expensive because passwords are just too easy to guess, hack or intercept. What’s more, the legacy of password reuse is leading to constant attack and account vulnerabilities.
193. Are Social Logins More Secure?
Social logins are more secure than the traditional username/password.
194. Digital Authentication: Notes on The Road To Passwordless Authentication
An introduction to the most popular authentication strategies along with some emerging solutions.
195. How to Build an Authentication Flow with React Navigation v5
In this tutorial I will be building two screens, i.e. a signup screen and a signin screen, using React Navigation v5.
196. How You Can Add Multi-Factor Authentication To Your Application
In light of countless security breaches across the industry, multi-factor authentication is becoming increasingly popular. Let's look at the available options!
197. Bootstrapping Laravel + Admiral: Auth Without the Boilerplate
Learn how to bootstrap a modern admin using Laravel 12, Sanctum, and the open-source Admiral admin panel.
198. Building an Airtight Security Funnel Step-by-Step
In this article, we’ll walk through SharePass’s patent-pending security funnel, providing a step-by-step guide to building out your security pipeline.
199. Do Passwordless Technologies Have an Impact on Cybersecurity?
Contrary to popular belief, traditional passwords are not the best way to protect sensitive information on our digital devices.
200. Why IAM Architects Prescribe Enterprise Application Security
The widespread use of modern applications by enterprises comes at a cost of data breaches. For this reason, Identity and access management or IAM architects have
201. The GIA Certificate of Blockchain: Mo Kumarsi on Rev3al’s Vision for Blockchain Security
Rev3al aims to revolutionize blockchain security with innovative authentication solutions, offering trusted protection for digital assets against fraud.
202. How to Build Software With Low Vendor Lock-in
We discuss some thought processes on how vendors can build software with low vendor lock-in.
203. You Should Upgrade Your Authentication System to CIAM Now Before It's Too Late
Adopting CIAM boosts security, trust, and satisfaction, protecting against data breaches in today's digital world.
204. What is Single Sign-On about?
We hate filling out forms, right? What if we can skip it? Thanks to single sign-on, it is possible.
205. Modern Authentication Isn’t Enough on It's Own
Modern authentication improves login experiences, but it’s not true modernization. Learn why SSO alone isn’t enough.
206. Why File Storage Needs an Authentication Layer and How 3DPass Is Doing It for 3D
The internet has a storage problem. Not because we don’t have enough space, storage is (relatively) cheap. What it has is an authenticity problem...
207. The Ultimate Guide To Custom Role Based Access Without Third Party Libraries
Here, we have four roles: Sme, Sponsor, Admin, Operations. Initially, we had only 3 roles. Operations role was added later and Operations user has permissions similar to the Admin user. In the code, we had to replace every instance of if (user.type == USER_TYPES.ADMIN) with if (user.type == USER_TYPES.ADMIN || user.type == USER_TYPES.OPERATIONS). As this is time consuming and we can also miss many instances, we have created a roles module. In the roles module, the roles are defined along with their respective permissions as seen in Code (Part-III). Based on the permissions for each role, we will evaluate the authorization for the user in each of our controller methods. If the user has access, only then he will be granted the resources.
208. Setting up 2FA on 9 Popular Apps & Services Before Safer Internet Day
How to enable 2FA and what two-factor authentication is. Set it up before Safer Internet Day, which is celebrated on February 8, and make your apps secure.
209. 3 Reasons for B2C Enterprises to Implement Single Sign-on Authentication
Single sign-on authentication, or SSO, is becoming more commonplace as the digital revolution continues to evolve. With numerous benefits for customers and companies alike, SSO helps streamline user experience, aid movement between applications and services, and secure the transfer of pertinent information about customers between organizations.
210. How To Improve Banking App Security With GPS Data
Mobile-based fintech solutions are becoming the first port of call for many financial services, as people embrace the simplicity, cost-effectiveness and speed of mobile payments. However, digital fraud is rising as fast, if not faster, and thus fraud monitoring based on robust customer authentication has become as important as the services mCommerce has to offer customers.
211. How Routee's Two Factor Authentication Works
Two Factor Authentication or Two Factor Verification is a service used to confirm a user’s identity by combining two different elements. For example, Routee service combines a unique code with a verified phone number. This service can be used as part of an app or a website sign up process to increase security for the services offered.
212. The Myth of “Unhackable” Biometrics (and What Attackers Actually Try)
Biometrics feel unhackable—until you learn how spoofing works.
213. How Law Enforcement Agencies are Using Biometrics
Here's why law enforcement agencies like the FBI and police use biometric technology to enhance their security and to protect them from unauthorized access.
214. Bringing Top 5 Unconventional Identity Verification Solutions to The Table
Enterprises must not think twice before integrating themselves with AI-powered online identity verification processes to combat chargeback, counterfeits
215. Biometrics and Mobile Apps: Reducing Friction with a Focus on Security
The future of biometrics in the mobile paradigm is bright. But what does this mean for users?
216. Extending Your Login Flow With Auth0 Actions
In this article, I am going to explain what Auth0 Actions are, why to use them, and how to set one up.
Thank you for checking out the 216 most read blog posts about Authentication on HackerNoon.
