Anjali Garg in learnera.hashnode.dev
JWT vs Session Authentication: When Should You Use Each?
Introduction: Authentication is a fundamental part of modern web applications. Two of the most commonly used methods are Session-Based Authentication and JWT (JSON Web Token) Authentication. While both...
2h ago · 4 min read

Arnav Gupta in arnav.tech
Architecting TwoFac: My Journey into Kotlin Multiplatform Module Structure
In my previous post, I talked about why I'm building TwoFac. The short version? I got tired of proprietary "digital cages" like Authy and wanted an authenticator that was open, secure, and—most import...
4d ago · 7 min read

Milan Nikic in securitydepth.hashnode.dev
Authentication Vulnerabilities in Java: Credential Transmission & Password Reset (Part 2)
In Part 1, we have already discussed the password policies based on the guidelines provided by the NIST, rate limiting for preventing brute-force attacks, and preventing username enumeration through c...
3d ago · 19 min read

Ayodele Aransiola in freecodecamp.org
How to Prevent IDOR Vulnerabilities in Next.js API Routes
Imagine this situation: A user logs in successfully to your application, but upon loading their dashboard, they see someone else's data. Why does this happen? The authentication worked, the session is...
Feb 27 · 9 min read

Kirtan Patel in kjpatel.hashnode.dev
Better Auth with Neon DB + Drizzle ORM
Over the past two years I've used Supabase for almost every project — it made building apps fast and effortless. I didn't have to worry about sessions, token exchange/refresh, or other auth details: c...
Feb 27 · 14 min read

Medha Singh in medhaa.hashnode.dev
How websites instantly invalidate your old password
When you change your password, you must have noticed that you are forced to log out of the site, and within the next second, the old password becomes invalid. How does it happen so fast? First - how p...
Feb 26 · 5 min read

IAMDevBox in iamdevbox.hashnode.dev
Secure Your Hybrid App with Cross-Device Passkey Authentication
Cross-device passkey authentication lets a user log in to an application on one device with a passkey that was created on another device, without entering a password. This method leverages WebAuthn, a standard for strong, secure authentication, en...
Feb 25 · 8 min read

DeepSeaX in deepseax.hashnode.dev
5 Ways Attackers Bypass Your 2FA — A Penetration Tester's Perspective
You enabled two-factor authentication on everything. You feel secure. You should not. MFA bypass is one of the most common findings in penetration tests. Attackers routinely bypass 2FA using techniques that have been known for years, and most organiz...
Feb 25 · 3 min read

Mahaboob Subhani Syed in subhani-syed.hashnode.dev
How do MFA Codes work??
Introduction: We've all used MFA codes in our daily routines, those six-digit numbers that change every 30 seconds on our authenticator apps. For me, it was a daily ritual, logging into my client VDI f...
Feb 23 · 9 min read

Milan Nikic in securitydepth.hashnode.dev
Authentication Vulnerabilities in Java: Password Security & Rate Limiting (Part 1)
Authentication is the most critical security boundary within a web application. A user claims to be Alice: the application has to validate that claim before granting access. Despite the long history o...
Feb 23 · 17 min read