Nov 5, 2021Zero Trust and How IdPs Factor Into ItYears ago, before the widespread adoption of cloud and SaaS-based offerings, IT security was arguably simpler. For a while, you could assume with a decent level of confidence that anyone inside your corporate network was meant to be there and could be trusted. …Zero Trust6 min readZero Trust6 min read
Oct 8, 2021How to Set Up Single Sign-On Between FusionAuth and JoomlaWhen you are maintaining a large number of websites, it can be difficult to keep track of all of the administrator logins required. What’s more, it can lead to lapses in security if you’re constantly losing and having to reset your password, or worse, keeping them written down somewhere. Configuring…Joomla9 min readJoomla9 min read
Oct 1, 2021When to self-host critical application componentsIn April of 2021, Auth0, an identity provider powering authentication for hundreds of websites, experienced an hours-long outage. During the outage, users could not access their authentication portals and many of their websites were rendered unusable due to the broken authentication flows. Auth0 joins Microsoft, Amazon, GitHub, and a growing…Auth9 min readAuth9 min read
Sep 10, 2021How to Protect Your Organization From Auth Vendor Lock-inYears ago your team decided to use a third-party auth system to avoid the time and cost of building one in-house. But now a better option has hit the market and you’re wanting to make the switch. …Vendor Lock In4 min readVendor Lock In4 min read
Aug 20, 2021How to mitigate risk when your auth vendor gets acquiredAuthentication is an integral part of your application, and as such the acquisition of your auth vendor isn’t like other acquisitions. It could mean many things for your business, and you’ll have to decide how to respond accordingly. This blog post is an excerpt from What to Do When Your…Auth4 min readAuth4 min read
Aug 20, 2021Why use a standardized auth protocol?Software applications regularly need to gain access to data from other services on behalf of their users. An application may need to grab a list of user’s contacts from a third-party service, such as their Google contacts. Or it might need to access a user’s calendar so the application can…Auth3 min readAuth3 min read
Aug 13, 2021Security and privacy risks when implementing an auth systemGiven the increase of data beaches in the past few years, it’s more important than ever for software engineering leaders to prioritize security, quality development practices, and robust governance controls. Your customers’ trust is on the line-and that’s the lifeblood of any business that wants to keep growing. This blog…Security2 min readSecurity2 min read
Published in Nerd For Tech·Aug 13, 2021What’s Wrong With the OAuth2 Implicit Grant?The Implicit grant is part of the OAuth 2 RFC, but is one of the features omitted in the OAuth 2.1 specification. With this grant, you don’t have to write server side code. …Oauth4 min readOauth4 min read
Published in CodeX·Aug 13, 2021What to consider before choosing an open-source auth providerOpen-source authentication providers are popular because anyone can review much or all of the code that powers them. This availability can be especially helpful in evaluating whether a particular authentication provider will work for your use case. In addition, if you want the source code for any number of reasons…Auth5 min readAuth5 min read
Published in CodeX·Jul 28, 2021The what, why, and when of multi-factor authentication (MFA)As more of our lives and data move online, multi-factor authentication (MFA) becomes increasingly important to help keep our accounts secure. As a user, you should enable MFA on accounts with valuable data. …Multi Factor Auth7 min readMulti Factor Auth7 min read
