eupolicy.social is one of the many independent Mastodon servers you can use to participate in the fediverse.

#authentication


Pivot-Lite by Fors is a #free two-operator #virtual #FM #synth that uses a similar approach to the Elektron Digitone groovebox. It requires #registration for the #download but no #online #authentication, which is great.

I'm getting tired of audio #software developers requiring additional authentication software to run the software I buy with my own money. Companies like Steinberg require 5 different apps to run one of their instruments. Here is a developer for once that says no authorisation needed.

The @w3c Linked Web Storage specification aims to create #WebApps with loosely coupled components like data #storage and #authentication, unlike today's tightly integrated systems.
The "Linked Web Storage Use Cases" document is published as a Draft Note. It presents user stories, use cases, and necessary requirements.
▶️ w3.org/TR/lws-ucs/

You’re welcome to contribute! github.com/w3c/lws-ucs/

Link preview (www.w3.org): Linked Web Storage Use Cases. User stories and use cases for the Linked Web Storage (LWS) spec.

Successful #evaluation for ESS: From May 26 to 18, 2025, a group of international scientists visited Karlsruhe to evaluate, among other things, the Topic Engineering Secure Systems (ESS). The guests came from ETH Zurich, the University of Wisconsin-Madison, and the University of Leuven, among others. ESS is one of three (sub)topics in the Program Engineering #Digital Futures (EDF) in the @helmholtz Research Field “Information.” We at SECUSO are involved in ESS as part of the Human and Societal Factors (HSF) research group. HSF presented the work of the research group in four demonstrators from the areas of #security #awareness, user #authentication, legal design patterns, and securing democracies. Further information can be found in the special issue on Topic Engineering Secure Systems: kastel-labs.de/wp-content/uplo

Continued thread

-> That warning e-mail itself asks whether you find it suspicious, or whether you yourself attempted to log in. It is the latter. But that button leads to nothing. It doesn't throw the e-mail away either. Only an extra screen with explanation and a 'cancel' button (which also does nothing, because it links to the previous screen).
Well. Clearly a bug. 2/2
#google #security #authentication #2FA

Replied in thread

@aral wrote: "If your friends and family are trying to phish you, you have bigger problems."

Phishing means that an adversary *claiming to be* someone you know (including friends and family) convinces you to click on a link.

The purpose of a certificate, telling a receiver *WHO* (human readable) owns the associated private key (the last resort to distinguish between fake and authentic), now has completely vanished.

As if phishing is not already the nr. 1 problem on the internet.

Note: I'm fine with the idea provided that browsers clearly inform users about the reliability of authenticity (I've read your article, did you read infosec.exchange/@ErikvanStrat ?)

@letsencrypt

Link preview (Infosec Exchange): Erik van Straten (@ErikvanStraten@infosec.exchange). Content warning: (long) Wrong order: RPKI first - WebPKI never?

Just released: #swad 0.12 🥂

swad is the "Simple Web Authentication Daemon". It basically offers adding form + #cookie #authentication to your reverse proxy (designed for and tested with #nginx "auth_request"). I created it mainly to defend against #malicious_bots, so among other credential checker modules for "real" logins, it offers a proof-of-work mechanism for guest logins doing the same #crypto #challenge known from #Anubis.

swad is written in pure #C with minimal dependencies (#zlib, #OpenSSL or compatible, and optionally #PAM), and designed to work on any #POSIX system. It compiles to a small binary (200 - 300 kiB depending on compiler and target platform).

This release brings (among a few bugfixes) improvements to make swad fit for "heavy load" scenarios: There's a new option to balance the load across multiple service worker threads, so all cores can be fully utilized if necessary, and it now keeps lots of transient objects in pools for reuse, which helps to avoid memory fragmentation and ultimately results in lower overall memory consumption.

Read more about it, download the .tar.xz, build and install it .... here:

github.com/Zirias/swad

Link preview (GitHub): Zirias/swad: Simple Web Authentication Daemon. Contribute to Zirias/swad development by creating an account on GitHub.
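The post above describes a proof-of-work mechanism for guest logins, the same kind of #crypto challenge Anubis uses. The following is an added illustration, not swad's or Anubis' code, of how such a scheme works end to end: the server issues a challenge it can later recognise without storing it (it is bound with an HMAC under a per-process key, mirroring swad's session-less direction), the client brute-forces a counter until SHA-256 over challenge and counter has enough leading zero bits, and the server verifies with a single hash. The difficulty, the `nonce:issued:bits:tag` encoding and the function names are assumptions for this example; the real wire formats differ.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Assumed parameters for this example (not swad's or Anubis' actual values):
# the digest must start with DIFFICULTY_BITS zero bits, and a challenge is
# accepted for CHALLENGE_TTL seconds after it was issued.
DIFFICULTY_BITS = 16
CHALLENGE_TTL = 300

# Per-process random key, analogous to the key swad generates at startup.
SERVER_KEY = secrets.token_bytes(32)


def issue_challenge(key: bytes = SERVER_KEY, now: Optional[float] = None) -> str:
    """Server side: build a random challenge bound to its issue time.
    The HMAC tag lets the server recognise its own challenges later without
    keeping any per-client state (no session table to fill up under bot load)."""
    issued = int(time.time() if now is None else now)
    nonce = secrets.token_hex(16)
    body = f"{nonce}:{issued}:{DIFFICULTY_BITS}"
    tag = hmac.new(key, body.encode("ascii"), hashlib.sha256).hexdigest()
    return f"{body}:{tag}"


def leading_zero_bits(digest: bytes) -> int:
    """Count leading zero bits of a digest (the puzzle's difficulty measure)."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def solve(challenge: str) -> int:
    """Client side: brute-force a counter until SHA-256(challenge || counter)
    has at least DIFFICULTY_BITS leading zero bits. Expected work: 2**bits hashes."""
    counter = 0
    while True:
        digest = hashlib.sha256(f"{challenge}{counter}".encode("ascii")).digest()
        if leading_zero_bits(digest) >= DIFFICULTY_BITS:
            return counter
        counter += 1


def verify(challenge: str, counter: int, key: bytes = SERVER_KEY,
           now: Optional[float] = None) -> bool:
    """Server side: check that the challenge is ours (HMAC), still fresh, at the
    current difficulty, and that the counter really solves it. This costs the
    server one HMAC and one SHA-256, while the client paid ~2**bits hashes."""
    try:
        nonce, issued, bits, tag = challenge.split(":")
        issued_at, difficulty = int(issued), int(bits)
    except ValueError:
        return False
    body = f"{nonce}:{issued}:{bits}"
    expected = hmac.new(key, body.encode("ascii"), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return False  # not issued by us, or tampered with
    current = time.time() if now is None else now
    if difficulty != DIFFICULTY_BITS or current - issued_at > CHALLENGE_TTL:
        return False  # stale challenge or downgraded difficulty
    digest = hashlib.sha256(f"{challenge}{counter}".encode("ascii")).digest()
    return leading_zero_bits(digest) >= DIFFICULTY_BITS


if __name__ == "__main__":
    ch = issue_challenge()
    c = solve(ch)
    print("solved with counter", c, "verified:", verify(ch, c))
```

Binding the issue time into the MACed challenge is what makes the scheme stateless: a bot cannot pre-compute solutions for later, and the server never has to remember which challenges it handed out.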
Replied in thread

@quinta wrote: "a on/off attribute attestation is absolutely not deanonymization"

1) Nothing online provides 100% reliability of identity. An on/off attribute attestation definitely implies *partial* deanonymization - even if that is *seemingly* without risk.

2) Slippery slope: regardless whether the proponents want you to believe that they don't anticipate that fraud is too easy with just an on/off 18+ attribute, or they're really that naive: either way, more identifying attributes will be added soon.

@mcc

"The author of this library would like everyone to know that he was, in fact, well-aware of this requirement, thought about it a lot while designing the library, and then, somehow, forgot to actually make sure the check was in the code. That is, it's not that he didn't know what he was doing, it's that he knew what he was doing but flubbed it."
#GenAI #LLM #Cloudfare #Security #CodeAssistants #Copilot #Agentic #CVE #Authentication #FOSS

nvd.nist.gov/vuln/detail/cve-2

Link preview (nvd.nist.gov): NVD - cve-2025-4143

#Fingwit is the missing #fingerprint #authentication tool for #Linux. It enhances security by intelligently managing when it should be used.

It integrates with the fprintd daemon and a dynamic PAM module to prevent login issues.

Set to be included in #LinuxMint 22.2, it enables authentication for login screens, sudo commands, and admin tasks.

The tool is Free #opensource software under the GPLv3+ license and provides an #AppImage for easy installation.

Just released: #swad 0.11 -- the session-less swad is done!

Swad is the "Simple Web Authentication Daemon", it adds cookie/form #authentication to your reverse #proxy, designed to work with #nginx' "auth_request". Several modules for checking credentials are included, one of which requires solving a crypto challenge like #Anubis does, to allow "bot-safe" guest logins. Swad is written in pure #C, compiles to a small (200-300kiB) binary, has minimal dependencies (zlib, OpenSSL/LibreSSL and optionally libpam) and *should* work on many #POSIX-alike systems (#FreeBSD tested a lot, #Linux and #illumos also tested)

This release is the first one not to require a server-side session (which consumes a significant amount of RAM on really busy sites), instead signed JSON Web Tokens are now implemented. For now, they are signed using HMAC-SHA256 with a random key generated at startup. A future direction could be support for asymmetric keys (RSA, Ed25519), which could open up new possibilities like having your reverse proxy pass the signed token to a backend application, which could then verify it, but still not forge it.

Read more, grab the latest .tar.xz, build and install it ... here: 😎

github.com/Zirias/swad

Link preview (GitHub): Zirias/swad: Simple Web Authentication Daemon. Contribute to Zirias/swad development by creating an account on GitHub.
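The post above moves from server-side sessions to JWTs signed with HMAC-SHA256 under a key generated at startup. As an added example (not swad's code; Python standard library only, with claim names and TTL chosen for illustration), the block below shows the two halves of that design and the checks a verifier must do: pin the algorithm to HS256 so an attacker-supplied `alg` header is ignored, compare the MAC in constant time, and enforce `exp`. It also makes the post's last point concrete: with a symmetric key, anyone who can verify (e.g. a backend holding the same key) can also forge, which is exactly what asymmetric signatures would change.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Random key generated when the process starts, as described for swad 0.11.
# Restarting the daemon invalidates every outstanding token; that is a feature
# of this design, not a bug.
SIGNING_KEY = secrets.token_bytes(32)


def _b64url(data: bytes) -> str:
    """JWT uses unpadded base64url (RFC 7515 section 2)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user: str, ttl: int = 3600, key: bytes = SIGNING_KEY,
                now: Optional[int] = None) -> str:
    """Sign a compact JWS (HS256) carrying subject, issue time and expiry."""
    issued = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": user, "iat": issued, "exp": issued + ttl}
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode("utf-8"))
        + "."
        + _b64url(json.dumps(payload, separators=(",", ":")).encode("utf-8"))
    )
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_token(token: str, key: bytes = SIGNING_KEY,
                 now: Optional[int] = None) -> Optional[dict]:
    """Return the claims if the token is valid, otherwise None.

    Order matters: the algorithm is pinned *before* any cryptography runs, so
    'alg: none' or a switched algorithm never reaches the MAC comparison."""
    current = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return None
    h64, p64, s64 = parts
    try:
        header = json.loads(_b64url_decode(h64))
        payload = json.loads(_b64url_decode(p64))
        sig = _b64url_decode(s64)
    except (ValueError, UnicodeDecodeError):
        return None
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return None
    if header.get("alg") != "HS256":
        return None  # refuse 'none' and any algorithm we did not issue
    expected = hmac.new(key, f"{h64}.{p64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None  # forged or tampered
    exp = payload.get("exp")
    if not isinstance(exp, int) or current >= exp:
        return None  # expired or missing expiry
    return payload


if __name__ == "__main__":
    tok = issue_token("alice")
    print(tok)
    print(verify_token(tok))
```

Note what the shared key implies: `issue_token` and `verify_token` use the same `SIGNING_KEY`, so a backend given that key to verify tokens could mint its own. That is the forgery problem the post's asymmetric-key idea (RSA or Ed25519, verify with the public key only) would remove.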

If your software stores passwords in a way that they can be retrieved, and your software isn't a password manager, your software is broken.

Verifying that a password provided by a user is correct does not require you to store the password. As an industry we knew this in 1978. It has been 0 days since I saw software that violates this.

cheatsheetseries.owasp.org/che

Link preview (cheatsheetseries.owasp.org): Password Storage - OWASP Cheat Sheet Series. Website with the collection of all the cheat sheets of the project.
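The post above makes the point that verifying a password never requires storing it. As an added example (not the poster's or OWASP's code), this shows the shape of a verifier built on a salted, memory-hard password hash using only Python's standard library: `hashlib.scrypt` with a random per-user salt, a self-describing record that carries its own cost parameters, a constant-time comparison, and a check that lets old records be upgraded when the policy is raised. The record format `scrypt$N$r$p$salt$hash` and the cost values are assumptions for this example; the OWASP cheat sheet linked in the post lists Argon2id first and gives N=2^17, r=8, p=1 as a scrypt minimum.

```python
import hashlib
import hmac
import secrets

# Cost parameters chosen for this example so the defaults of hashlib.scrypt
# (32 MiB maxmem; memory use is roughly 128 * N * r bytes) are not exceeded.
# OWASP's minimum for scrypt is N=2**17, r=8, p=1; going there means passing
# a larger maxmem= to hashlib.scrypt. Argon2id is preferred where available.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
SALT_LEN = 16   # bytes of random salt per password
HASH_LEN = 32   # bytes of derived key stored


def hash_password(password: str, n: int = SCRYPT_N, r: int = SCRYPT_R,
                  p: int = SCRYPT_P) -> str:
    """Produce a storable record. The password itself is never stored; a fresh
    random salt makes identical passwords yield different records."""
    salt = secrets.token_bytes(SALT_LEN)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=n, r=r, p=p, dklen=HASH_LEN)
    return f"scrypt${n}${r}${p}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the parameters and salt found in the record and
    compare in constant time. A malformed record is simply a failed login."""
    try:
        scheme, n, r, p, salt_hex, hash_hex = record.split("$")
        if scheme != "scrypt":
            return False
        salt = bytes.fromhex(salt_hex)
        stored = bytes.fromhex(hash_hex)
        n, r, p = int(n), int(r), int(p)
    except ValueError:
        return False
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                               n=n, r=r, p=p, dklen=len(stored))
    return hmac.compare_digest(candidate, stored)


def needs_rehash(record: str) -> bool:
    """True if the record predates the current cost policy. Call this after a
    successful login, when the plaintext is briefly available, and re-hash."""
    try:
        scheme, n, r, p, _salt, _hash = record.split("$")
    except ValueError:
        return True
    return (scheme != "scrypt"
            or int(n) < SCRYPT_N or int(r) < SCRYPT_R or int(p) < SCRYPT_P)


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print(rec)
    print(verify_password("correct horse battery staple", rec))
```

Only the salt and the derived key are written down, so a leaked table gives an attacker per-record guessing work at the chosen cost rather than the passwords themselves. The `needs_rehash` check is the upgrade path OWASP describes: raise the parameters, and records migrate as users log in.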

Just released: #swad 0.10

github.com/Zirias/swad/release

Swad is the "Simple Web Authentication Daemon". If you're looking for a way to add #authentication (and/or proof-of-work access as known from #anubis) to your #nginx reverse proxy -- without adding yet another reverse proxy -- swad could be for you! It's written in pure #C, has few external dependencies (just zlib, and optionally OpenSSL/Libressl and/or libpam) and compiles to a pretty small binary. It's designed for usage with nginx' 'auth_request'.

Swad is tested on #FreeBSD, some basic functionality tests were also done on #Linux and #illumos (a descendant of #solaris). It *should* build and work on most #POSIX-alike systems.

This release mainly brings performance improvements and a few bugfixes. It's now stress-tested with Apache jmeter, verifying it can deal with at least 1000 requests per second on my personal (somewhat limited) FreeBSD host machine.

Link preview (GitHub): Release swad 0.10 · Zirias/swad. Breaking changes: Correct integration with nginx now requires using an internal redirect, see the updated nginx config snippet in README.md! Improvements: Don't use CSRF protection where it isn'...