Safeguard
Tag

authentication

Safeguard articles tagged "authentication" — guides, analysis, and best practices for software supply chain and application security.

46 articles

Product

Set It and Forget It: Onboarding the Guard SDK Just Got a Lot Simpler

Generate a secret key from Settings, drop it into the Guard SDK, and your live security policy is enforced automatically — no manual wiring, no restarts when policy changes. OAuth login is available too.

Jul 6, 20263 min read
Security Guides

OWASP A07: Identification and Authentication Failures — A Deep-Dive Guide

Identification and Authentication Failures rank #7 in the OWASP Top 10 (2021). A deep dive into credential stuffing, session handling, real CVEs, and 2026 fixes.

Jul 5, 20266 min read
Vulnerability Guides

JWT Security Vulnerabilities and How to Avoid Them

JSON Web Tokens are only as safe as how you verify them. The alg:none trick, RS256-to-HS256 confusion, and weak secrets have all led to full auth bypass.

Jul 3, 20265 min read
Concepts

Authentication vs Authorization: What's the Difference?

Authentication proves who you are. Authorization decides what you're allowed to do. One is the ID check at the door; the other is the list of rooms you can enter.

Jul 2, 20265 min read
Security Guides

Spring Security Configuration Guide: The Modern SecurityFilterChain Approach

A practical Spring Security configuration guide for 2026 using the component-based SecurityFilterChain, method security, CSRF, CORS, and password encoding.

Jul 2, 20265 min read
Application Security

How to secure a REST API

REST API breaches from T-Mobile to Optus trace to a handful of recurring mistakes. Here's how to fix authorization, auth, injection, and rate limiting.

Jun 1, 20266 min read
AI Security

MCP Authentication Patterns for Enterprise

Enterprise MCP deployments need more than a static API key. The protocol is evolving toward OAuth 2.1 and dynamic client registration, and understanding which pattern fits which workload decides whether your rollout survives the first audit.

Mar 8, 20267 min read
Application Security

OAuth vs API Keys

OAuth and API keys aren't interchangeable: one is a static, long-lived credential, the other a scoped, expiring token. Here's how to choose, backed by real breaches.

Mar 8, 20267 min read
Identity Security

JWT (JSON Web Token)

A JWT (JSON Web Token) is a compact, signed token used to prove identity and claims between systems. Here's how they work, and where they break.

Mar 1, 20268 min read
Identity Security

PASETO tokens

PASETO tokens explained: what is PASETO, how PASETO vs JWT differs, and why platform-agnostic security tokens with versioned crypto are safer by design.

Mar 1, 20267 min read
Cryptography

Cryptographic salt vs pepper

What is a cryptographic salt, and how does it differ from pepper in password hashing? A technical breakdown of salted hashes, bcrypt salt rounds, and best practices.

Feb 26, 20267 min read
Best Practices

What is Single Sign-On (SSO)

SSO lets users log in once to access many apps — but it also concentrates identity into one high-value target. Here's how it works and its real risks.

Feb 15, 20266 min read
authentication (Page 2) — Safeguard Blog