Infosecurity-magazine.com

The Growing Threat of Broken Authentication Attacks on APIs

Application programming interfaces (APIs) are integral to the functionality of the internet today. By enabling communications between programs, they make many processes more efficient and convenient, ...
ZDNet

IETF approves new internet standards to secure authentication tokens

The Internet Engineering Task Force (IETF) --the organization that develops and promotes Internet standards-- has approved three new standards this week designed to improve the security of ...
Security Boulevard

Building Secure User Portals for Content-Heavy SaaS Applications

Learn how to build secure user portals for content-heavy SaaS using passwordless authentication, RBAC, session security, and CDN protection.
Bleeping Computer

Latest Authentication Tokens news

Device code phishing abuses the OAuth device flow, and Google and Azure produce strikingly different attack surfaces. Register for Huntress Labs' Live Hack to learn about attack techniques, defensive ...
Ars Technica

Microsoft Teams stores cleartext auth tokens, won’t be quickly patched | Ars OpenForum

This is a known issue with OAuth and is how basically any electron app works. The tl;dr is if you're able to steal files "as the user" it's already game over. This is no different than stealing ...
Dark Reading

Not All Multifactor Authentication Is Created Equal

"Two-step verification," "strong authentication," "2FA," and "MFA." Far more people are familiar with these terms today than just a few years ago. Multifactor authentication — or simply MFA — ...