#security
-
I'm not gonna say JSON Web Tokens are *bad* (if used properly), but I'm also not gonna say they're *great* either.
Here's an interesting alternative though: PASETO
https://developer.okta.com/blog/2019/10/17/a-thorough-introduction-to-paseto -
Stay safe out there kids https://twitter.com/digitallawyer/status/1181348689756864513
-
API security touches upon various different topics. I am discussing a couple of common #API #security pitfalls at the @OWASPLondon meetup tonight. Here's an extended slide deck, with a ton of useful information. https://buff.ly/2N7ySAz
Come say hi tonight, and share this info!
-
Hey @facebook, demanding the secret password of the personal email accounts of your users for verification, or any other kind of use, is a HORRIBLE idea from an #infosec point of view. By going down that road, you're practically fishing for passwords you are not supposed to know!
-
This @jack situation is making me rethink my phone number strategy. I've been treating my SIM number as disposable and easily replaceable, where the number I use for 2FA is a google voice number. But now I'm thinking treating my SIM number as a password is a better plan.
-
TIL even web developers aren't safe from side-channel attacks. Nice overview of CORB and why it's important. https://developer.okta.com/blog/2019/08/26/combat-side-channel-attacks-with-corb
-
Come to the @oktadev booth at #KCDC2019 to chat with fun and awesome people about #oauth #security and win stuff in it developer challenge! @briandemers @aaronpk @afitnerd @okta #Okta
-
Good reminder to add "check whether the password field supports pasting from password managers" to my list of criteria when deciding where to open a bank account. https://twitter.com/KeyBank_Help/status/1148247347463446528
-
Biggest laugh at #IIW so far: when @justin__richer in his session on “Is #selfsovereignidentity really possible” turned to Dave Crocker and said that we can all blame him for the Internet not having #security built in from the start.
