This follows what I am seeing in tests. Far fewer injection vulnerabilities, far more aurh issues. The apps didn't change, the attackers got better.

https://stateofsecurity.com/identity-security-is-now-the-1-attack-vector-and-most-organizations-are-not-architected-for-it/

#auth #vector

This follows what I am seeing in tests. Far fewer injection vulnerabilities, far more aurh issues. The apps didn't change, the attackers got better.

https://stateofsecurity.com/identity-security-is-now-the-1-attack-vector-and-most-organizations-are-not-architected-for-it/

#auth #vector

Yubikey OTP support disabled in -current https://www.undeadly.org/cgi?action=article;sid=20250822064253 #openbsd #yubikey #otp #auth #security #buggysoftware #freesoftware #libresoftware

Yubikey OTP support disabled in -current https://www.undeadly.org/cgi?action=article;sid=20250822064253 #openbsd #yubikey #otp #auth #security #buggysoftware #freesoftware #libresoftware

🦀 actix-passport: A comprehensive, flexible authentication framework for actix-web applications in Rust.

https://github.com/densumesh/actix-passport

#actix #rust #webdev #auth

I'm exploring a new idea called FediOTP (codename): an authentication system that uses #ActivityPub DMs to deliver one-time passwords, allowing any #fediverse account to authenticate with web services. Unlike current solutions that rely on specific APIs ( #Mastodon, #Misskey), this would work with any ActivityPub-compatible server, increasing interoperability across the fediverse. Would love to hear your thoughts on potential challenges or use cases for this approach.

#OTP #fedidev #auth