authentication
Safeguard articles tagged "authentication" — guides, analysis, and best practices for software supply chain and application security.
46 articles
Set It and Forget It: Onboarding the Guard SDK Just Got a Lot Simpler
Generate a secret key from Settings, drop it into the Guard SDK, and your live security policy is enforced automatically — no manual wiring, no restarts when policy changes. OAuth login is available too.
OWASP A07: Identification and Authentication Failures — A Deep-Dive Guide
Identification and Authentication Failures rank #7 in the OWASP Top 10 (2021). A deep dive into credential stuffing, session handling, real CVEs, and 2026 fixes.
JWT Security Vulnerabilities and How to Avoid Them
JSON Web Tokens are only as safe as how you verify them. The alg:none trick, RS256-to-HS256 confusion, and weak secrets have all led to full auth bypass.
Authentication vs Authorization: What's the Difference?
Authentication proves who you are. Authorization decides what you're allowed to do. One is the ID check at the door; the other is the list of rooms you can enter.
Spring Security Configuration Guide: The Modern SecurityFilterChain Approach
A practical Spring Security configuration guide for 2026 using the component-based SecurityFilterChain, method security, CSRF, CORS, and password encoding.
How to secure a REST API
REST API breaches from T-Mobile to Optus trace to a handful of recurring mistakes. Here's how to fix authorization, auth, injection, and rate limiting.
MCP Authentication Patterns for Enterprise
Enterprise MCP deployments need more than a static API key. The protocol is evolving toward OAuth 2.1 and dynamic client registration, and understanding which pattern fits which workload decides whether your rollout survives the first audit.
OAuth vs API Keys
OAuth and API keys aren't interchangeable: one is a static, long-lived credential, the other a scoped, expiring token. Here's how to choose, backed by real breaches.
JWT (JSON Web Token)
A JWT (JSON Web Token) is a compact, signed token used to prove identity and claims between systems. Here's how they work, and where they break.
PASETO tokens
PASETO tokens explained: what is PASETO, how PASETO vs JWT differs, and why platform-agnostic security tokens with versioned crypto are safer by design.
Cryptographic salt vs pepper
What is a cryptographic salt, and how does it differ from pepper in password hashing? A technical breakdown of salted hashes, bcrypt salt rounds, and best practices.
What is Single Sign-On (SSO)
SSO lets users log in once to access many apps — but it also concentrates identity into one high-value target. Here's how it works and its real risks.