authentication-security
Safeguard articles tagged "authentication-security" — guides, analysis, and best practices for software supply chain and application security.
6 articles
What is Session Hijacking
Session hijacking lets attackers seize an active, authenticated session and bypass passwords and MFA entirely. Here's how it works and how to stop it.
What is Credential Stuffing
Credential stuffing uses billions of breached passwords to hijack accounts at scale. Learn how it works, real breaches it caused, and how to stop it.
What is a Brute Force Attack
A brute force attack guesses credentials until one works. Learn how attackers execute it, real breach data, warning signs, and effective defenses.
Weak Password Recovery Mechanisms
From Sarah Palin's 2008 Yahoo hack to the 2014 iCloud photo leak, weak password recovery flows keep giving attackers account takeover without a password.
Common Insecure Suggestions in SQL and Auth Code from AI ...
Across studies from Stanford to BaxBench, AI assistants keep suggesting string-concatenated SQL and hardcoded JWT secrets. Here is the pattern, by the numbers.
Password Security Storage: Hashing Done Right
Password security storage still gets built wrong in 2024 — here's what a correct implementation looks like, from algorithm choice to salt handling to migration.