Tag feed

#fido2

17 posts0 followers

Explore Hashnode

Alternatives

Trending tags this week

IIAMDevBoxiamdevbox.hashnode.devMar 22 · 6 min read

AitM Phishing 2026: How Starkiller and Tycoon 2FA Bypass Your MFA

In early March 2026, two events put MFA bypass back in the spotlight. Europol dismantled Tycoon 2FA — the world's largest phishing-as-a-service platform — while a new suite called Starkiller demonstrated that AitM phishing has evolved from a sophisti...

0

NVNguyễn Việt Tùngdevpath-traveler.nguyenviettung.id.vnFeb 19 · 6 min read

How Browser UX Shapes Security More Than Cryptography

Cryptography is precise. Browsers are not. If you’ve implemented WebAuthn in a real PWA, you already know this:The spec is clean. The user experience is not. The uncomfortable truth is this: Most authentication systems fail because of UX, not becaus...

0

NVNguyễn Việt Tùngdevpath-traveler.nguyenviettung.id.vnFeb 19 · 5 min read

Passwordless: What Worked, What Didn’t, What I’d Change

When designing a passwordless-first PWA architecture, the diagram looks elegant. In production, elegance collides with: Browser inconsistencies Institutional identity constraints Support tickets Device lifecycle chaos Monitoring blind spots Le...

0

NVNguyễn Việt Tùngdevpath-traveler.nguyenviettung.id.vnFeb 19 · 5 min read

Why Passwordless Alone Is Not an Identity Strategy

When teams adopt WebAuthn or FIDO2, the excitement is understandable: No passwords. No phishing. No credential stuffing. Biometric UX. Public-key cryptography. It feels like the final answer. But WebAuthn answers exactly one question: Can thi...

0

NVNguyễn Việt Tùngdevpath-traveler.nguyenviettung.id.vnFeb 18 · 6 min read

Integrating OIDC (Feide) as Fallback and Recovery

WebAuthn gave us phishing-resistant, device-bound authentication.But devices get lost. Browsers reset. Users switch laptops. Institutions manage identities centrally. That’s where OIDC (Feide) enters — not as a competitor to passwordless, but as stru...

0

NVNguyễn Việt Tùngdevpath-traveler.nguyenviettung.id.vnFeb 17 · 7 min read

Implementing WebAuthn in Practice

WebAuthn looks deceptively simple at a high level: Generate challenge Call browser API Verify signature Done In practice, it is not that simple. WebAuthn is cryptographically elegant but operationally unforgiving.Small mistakes create subtle se...

0

NVNguyễn Việt Tùngdevpath-traveler.nguyenviettung.id.vnFeb 16 · 6 min read

Passwordless PWA Flow Architecture Walkthrough

Modern authentication diagrams are clean. Real systems are not. My architecture intentionally combines: WebAuthn (FIDO2) for phishing-resistant authentication Feide (OIDC) for federated identity, recovery, and bootstrap SQL Server for credential p...

0

NVNguyễn Việt Tùngdevpath-traveler.nguyenviettung.id.vnFeb 10 · 6 min read

WebAuthn & FIDO2, Explained Without the Spec

If you read the WebAuthn specification end to end, you’ll come away with two thoughts: This is extremely well designed. No human should be expected to learn it this way. WebAuthn didn’t appear to make logins prettier. It exists because the web ne...

0

NVNguyễn Việt Tùngdevpath-traveler.nguyenviettung.id.vnFeb 8 · 6 min read

What “Passwordless” Actually Means

“Passwordless” has become one of those terms that everyone uses and few people define. Depending on who you ask, it can mean: logging in with Face ID, receiving a magic link by email, approving a push notification, using a security key, or never...

0

NVNguyễn Việt Tùngdevpath-traveler.nguyenviettung.id.vnFeb 7 · 6 min read

Authentication Is Not Login

Modern web applications are full of login screens — but surprisingly few of them have a well-designed authentication system. This distinction matters more than it sounds.If you treat authentication as a UI feature instead of a security system, every ...

0

#fido2

Search Hashnode

#fido2

Explore Hashnode

Trending tags this week

AitM Phishing 2026: How Starkiller and Tycoon 2FA Bypass Your MFA

How Browser UX Shapes Security More Than Cryptography

Passwordless: What Worked, What Didn’t, What I’d Change

Why Passwordless Alone Is Not an Identity Strategy

Integrating OIDC (Feide) as Fallback and Recovery

Implementing WebAuthn in Practice

Passwordless PWA Flow Architecture Walkthrough

WebAuthn & FIDO2, Explained Without the Spec

What “Passwordless” Actually Means

Authentication Is Not Login