Tozny ♥ Magic Links

As secure as your platform might be, chances are high that your users are using the same password for your system as they are for another site or service. Why use passwords at all?

SimpleSAMLphp for Easy Identities

Our most recent series has detailed what’s involved in building and configuring your own centralized authentication service built atop the open source SimpleSAMLphp project.

SimpleSAMLphp Quick Start

As part of an ongoing series, we’re helping to explain ways to configure SimpleSAMLphp as a centralized identity provider (IDP) for your organization.

Post Yahoo, Passwords are Passé

14% of Worldwide Internet Users Were Exposed I’m sure if you are reading this, you are already aware of the historic Yahoo data breach that was announced last week.  500 million accounts affected – the largest number of accounts ever affected by a known breach.  Let’s put that into perspective – according to the US Census Population Clock, the current population …

What’s next after SMS one-time passwords?

NIST has gotten a lot of attention lately because they pointed out that SMS is less secure than many people think, and if you’re trying to shore up passwords with a second login method, you should probably consider using something that’s more secure. This type of “shoring up” of passwords is called two factor authentication, or 2FA for short. People use …

Why We Need To Move Beyond Passwords

In my previous blog, I briefly touched on the fact that many Internet of Things (IoT) devices today have defaulted to the lowest common denominator for security and authentication: passwords. IoT devices — particularly mobile devices — introduce security and privacy risks because most have a limited user interface that can only handle short, easy-to-crack passwords. The proliferation of mobile and …