InfoQ Homepage Authentication Content on InfoQ
-
Disabling Google 2FA Doesn't Need 2FA
A developer's machine, compromised by attackers, was able to use Safari auto-fill to log into passwords.google.com, disable 2FA and extract passwords without notification. InfoQ spoke to Amos (@fasterthanlime) on Twitter about his experience and advice for others who might find themselves in the same situation. Read on to find out what happened, and what you should do to protect your assets.
-
Production Identity Framework SPIRE Graduates to CNCF Incubator
The Cloud Native Computing Foundation has accepted SPIFFE and SPIRE as incubation level projects. SPIFFE defines a standard to authenticate software services through the use of platform-agnostic, cryptographic identities. SPIRE is an implementation of the SPIFFE APIs that is production ready.
-
W3C and FIDO Alliance Finalized WebAuthn, Web Standard for Secure, Passwordless Logins
The World Wide Web Consortium (W3C) and the Fast IDentity Online (FIDO) Alliance recently announced that the Web Authentication (WebAuthn) specification is now an official web standard. WebAuthn allows users to log in via biometrics, mobile devices and/or FIDO security keys, with higher security over passwords alone.
-
The Lowdown on Face Recognition Technology
Facial recognition is a direct application of machine learning that is being deployed far and wide to consumers, in the industry and to law enforcement agencies with potential benefits in our daily lives as well as serious concerns for privacy. facial recognition models show above human performances but real world implementation remains problematic for some applications.
-
NIST Guidelines Require Second Auth Factor When Using Biometrics
NIST has released a public draft of new Digital Identity Guidelines, described as “a significant update from past revisions.” The guidelines describe acceptable use of multi-factor authentication (MFA). Furthermore, when using biometric data as one authentication factor, it must be combined with something you have, and not something you know, such as a password.
-
Authentication Strategies in Microservices Systems
Software security is a complex problem, and is becoming even more complex using Microservices where each service has to deal with security, David Borsos explained at the recent Microservices Conference in London, during his presentation evaluating four end-user authentication options within a microservice based systems.
-
GitLab 8.9 Adds File Locking, Hardware U2F Support
The release of GitLab 8.9 brings a file locking, a refreshed UI, and hardware-based two-factor authentication. Teaming up with Yubico, developers can now use a hardware YubiKey to automatically authenticate a GitLab session without having to type in a 6-digit TOTP code. In addition, file locking will keep binary assets from getting destroyed during a merge.
-
Keeping Your Secrets Safe in a Distributed and Scalable Environment
At the Velocity Conference in Amsterdam, Alex Shoof explained how to manage secrets in a scalable and distributed environment. Shoof proposed a system based on five fundamental principles for secret management.
-
Facebook's and Twitter's SDKs for Apple tvOS Enable Onboarding and Analytics
Facebook and Twitter have released SDKs for Apple tvOS to provide support for onboarding, user verification, and analytics.
-
Nexmo Verify SDK Touts Easy Phone Number-based Authentication
Nexmo has announced the availability of its Verify SDK for iOS, Android, and JavaScript, which makes it possible to securely register and authenticate users based on their mobile phone numbers, Nexmo says.
-
Google Introduces Smart Lock for Passwords
Google has announced at I/O 2015 the Google Identity Platform, a collection of tools and APIs for managing identities and dealing with authentication and authorization across Android, iOS and web applications.
-
Major Update to Firebase Brings Rich Authentication Tokens
Firebase has this week announced major updates to its user authentication, including automatic session persistence, and rich authentication tokens for use in Security Rules.
-
Visual Studio 2013 Adds New Project Templates with Improvements and Social Accounts Authentication
The recently released Visual Studio 2013 includes new project templates with several improvements which enables developers to build projects and applications faster.
-
Outsource User Management and Authentication with Stormpath
Most applications these days require user management, authentication, and authorization from the beginning and even a minor mistake can be disastrous. To help developers focus more on what the application actually does, Stormpath is offering turnkey user management and authentication services. Using these services, applications can authenticate users via a single API call.
-
Multi-Factor Authentication For Windows Azure Hosted Apps
Microsoft recently announced preview of Multi-Factor Authentication in Windows Azure. This can be enabled for Windows Azure Management portal, Microsoft Online Services such as Office 365, as well as custom applications.