Indranil Jha

Adaptive, Step-Up Multi-Factor Authentication

Plain-old authentication is boring. Today I'm going to show you how you can enhance your application's security by providing smart multi-factor authentication (MFA), the kind that takes contextual and behavior-based factors into account. Through this article, I'll explain how this security pattern works. Just know that this pattern is universally applicable to any web-based, mobile, or desktop applications. Why Adaptive Multi-Factor Authentication? While normal MFA is a big step up...

Vickie Li

Intro to Log Analysis: Harnessing Command Line Tools to Analyze Linux Logs

Log analysis is one of the most important tools of a security researcher. In this article, we'll take a quick look at how you can analyze Linux logs using common command-line tools.
Tom Kellermann

The Escalation of Cybercrime

A look at how cybercriminals are attacking the financial sector during the COVID-19 pandemic.
Vickie Li

Common Pitfalls Of Custom SAML Implementations

SAML is a widely-used protocol for single sign-on, but it can be dangerous. In this article, we'll talk about why.
Sami Laine

What’s The Best Security Key to Buy?

There are dozens of security keys, authenticator apps, and password managers available. Which one should you use?
Sami Laine

SMS Two-Factor Authentication – Worse Than Just a Good Password?

If a website offers SMS-based authentication, should you enroll? Maybe not! In some cases, it’s worse than not having a second factor at all!
Marc Rogers

Mobile Phone-Based COVID-19 Contact Tracing

Using technology as a reliable method of tracking carriers of COVID-19 is a great idea, but it is extremely hard to do without creating huge privacy challenges. What Is Contact Tracing and Why Is It Important? Contact tracing is a way of identifying all the people that an infected person has interacted with. By identifying these interactions, it is possible to reach out to them and ensure that they are properly quarantined. Doing this is incredibly important if you want to stop the spread of an...

Vickie Li

Attacking SSO With Subdomain Takeovers

A brief look at how subdomain takeovers can give attackers a meaningful way to compromise single sign-on solutions.
Sami Laine

Factors & Dongles & Tokens, Oh My - Strong Auth Terminology in 7 minutes

MFA, 2FA, SMS, TOTP, U2F, FIDO2,... SMH, OMG. Strong authentication terminology explained.
Sami Laine

WebAuthn Is Great and It Sucks

WebAuthn and FIDO2 promise a great future. Let's see if we can have it today.