Identity Security
In-depth guides and analysis on identity security from the Safeguard engineering team.
15 articles
FBI Warns on Kali365: A PhaaS Kit That Steals M365 OAuth Tokens and Bypasses MFA (May 2026)
The FBI's May 21, 2026 IC3 advisory details Kali365, a Telegram-distributed phishing-as-a-service kit that uses device-code phishing to capture Microsoft 365 access and refresh tokens, granting password-free, MFA-immune persistence.
SPIFFE/SPIRE identity
What is SPIFFE/SPIRE? A plain-language breakdown of the SPIFFE identity framework, SPIRE workload identity, SVIDs, and how it compares to plain mTLS.
SVID (SPIFFE Verifiable Identity Document)
An SVID (SPIFFE Verifiable Identity Document) is a cryptographic identity for software workloads. Learn what an SVID is, its X.509 and JWT formats, and how it works.
mTLS (mutual TLS)
What is mTLS? A precise breakdown of mutual TLS authentication, how it differs from standard TLS, why service meshes depend on it, and how to handle certificate rotation.
OIDC (OpenID Connect)
A precise technical answer to "what is OIDC": how OpenID Connect extends OAuth 2.0 with ID tokens, federated identity, and token exchange to secure modern authentication.
Workload identity federation
What is workload identity federation? A precise breakdown of keyless cloud authentication, GitHub Actions OIDC, and short-lived credentials replacing static API keys.
JWT (JSON Web Token)
A JWT (JSON Web Token) is a compact, signed token used to prove identity and claims between systems. Here's how they work, and where they break.
PASETO tokens
PASETO tokens explained: what is PASETO, how PASETO vs JWT differs, and why platform-agnostic security tokens with versioned crypto are safer by design.
Zero trust architecture (ZTA)
A precise definition of zero trust architecture, the NIST 800-207 model, ZTNA vs VPN, and how zero trust principles apply to securing modern software supply chains.
How to set up mutual TLS (mTLS) between microservices
A step-by-step guide to configuring mTLS across microservices with Istio — from CA setup and PeerAuthentication policies to certificate rotation and verification.
How to rotate SSH keys safely
A step-by-step guide to rotating SSH keys without downtime: inventory existing keys, generate new pairs, cut over safely, revoke old keys, and verify nothing was missed.
How to implement zero trust network architecture
A practical, step-by-step guide to implement zero trust network architecture: identity, microsegmentation, posture checks, policy-as-code, and verification.