Safeguard
Topic

Identity Security

In-depth guides and analysis on identity security from the Safeguard engineering team.

15 articles

Identity Security

FBI Warns on Kali365: A PhaaS Kit That Steals M365 OAuth Tokens and Bypasses MFA (May 2026)

The FBI's May 21, 2026 IC3 advisory details Kali365, a Telegram-distributed phishing-as-a-service kit that uses device-code phishing to capture Microsoft 365 access and refresh tokens, granting password-free, MFA-immune persistence.

May 22, 202611 min read
Identity Security

SPIFFE/SPIRE identity

What is SPIFFE/SPIRE? A plain-language breakdown of the SPIFFE identity framework, SPIRE workload identity, SVIDs, and how it compares to plain mTLS.

Mar 2, 20267 min read
Identity Security

SVID (SPIFFE Verifiable Identity Document)

An SVID (SPIFFE Verifiable Identity Document) is a cryptographic identity for software workloads. Learn what an SVID is, its X.509 and JWT formats, and how it works.

Mar 2, 20267 min read
Identity Security

mTLS (mutual TLS)

What is mTLS? A precise breakdown of mutual TLS authentication, how it differs from standard TLS, why service meshes depend on it, and how to handle certificate rotation.

Mar 2, 20267 min read
Identity Security

OIDC (OpenID Connect)

A precise technical answer to "what is OIDC": how OpenID Connect extends OAuth 2.0 with ID tokens, federated identity, and token exchange to secure modern authentication.

Mar 1, 20267 min read
Identity Security

Workload identity federation

What is workload identity federation? A precise breakdown of keyless cloud authentication, GitHub Actions OIDC, and short-lived credentials replacing static API keys.

Mar 1, 20268 min read
Identity Security

JWT (JSON Web Token)

A JWT (JSON Web Token) is a compact, signed token used to prove identity and claims between systems. Here's how they work, and where they break.

Mar 1, 20268 min read
Identity Security

PASETO tokens

PASETO tokens explained: what is PASETO, how PASETO vs JWT differs, and why platform-agnostic security tokens with versioned crypto are safer by design.

Mar 1, 20267 min read
Identity Security

Zero trust architecture (ZTA)

A precise definition of zero trust architecture, the NIST 800-207 model, ZTNA vs VPN, and how zero trust principles apply to securing modern software supply chains.

Feb 28, 20267 min read
Identity Security

How to set up mutual TLS (mTLS) between microservices

A step-by-step guide to configuring mTLS across microservices with Istio — from CA setup and PeerAuthentication policies to certificate rotation and verification.

Feb 19, 20266 min read
Identity Security

How to rotate SSH keys safely

A step-by-step guide to rotating SSH keys without downtime: inventory existing keys, generate new pairs, cut over safely, revoke old keys, and verify nothing was missed.

Feb 18, 20268 min read
Identity Security

How to implement zero trust network architecture

A practical, step-by-step guide to implement zero trust network architecture: identity, microsegmentation, posture checks, policy-as-code, and verification.

Feb 14, 20267 min read
Identity Security — Supply Chain Security Blog | Safeguard