Latest posts

Discover our latest articles and stories

Engineering

What is Role-Based Access Control (RBAC)? Benefits, Comparisons, and Best Practices

Learn everything about role-based access control (RBAC), its benefits, pros and cons, key rules, and comparisons with ABAC and ACL. Discover how Authgear simplifies RBAC for secure and scalable access management.

Industry

Authgear Achieves ISO 27001 and SOC 2 Type 2 Compliance | Enhanced Data Security

Discover how Authgear’s ISO 27001 and SOC 2 Type 2 compliance ensures top-tier security and privacy for your data. Learn what this milestone means for you and your business.

Engineering

PKCE in OAuth 2.0: How to Protect Your API from Attacks

Learn everything you need to know about PKCE, a security extension for OAuth 2.0 that helps protect your API from authorization code interception and other attacks. Discover how PKCE works, its benefits, and best practices for implementation.

Industry

LDAP Explained: A Comprehensive Guide with Authgear Integration

Discover everything you need to know about LDAP, from its fundamentals to its integration with modern authentication solutions like Authgear. Learn about LDAP's benefits, challenges, and how to enhance its security.

Industry

SCIM Provisioning: A Comprehensive Guide to Simplifying User Management

Discover how SCIM provisioning can streamline your user account management, improve security, and enhance productivity.

Industry

Master API Gateway Authentication: Secure Your APIs Today

Learn how to implement robust API gateway authentication to protect your APIs. This comprehensive guide covers authentication methods and best practices.

Industry

SAML vs OAuth: Which Authentication Method is Right for You?

Learn the key differences between SAML and OAuth, two essential identity management protocols. Discover when to use each for optimal security and user experience.

Engineering

How to Add Authentication to a React Native app in 10 Minutes

In this post, we teach how to add a full user authentication feature to any React Native application in under 10 minutes.

Industry

Passkey vs Password: Why Passkeys Are the Future of Security

Tired of weak passwords and constant security threats? Discover the advantages of passkeys over traditional passwords. Learn how passkeys offer stronger security, improved convenience, and a smoother user experience. Upgrade your online protection today!

Engineering

How Does Biometric Authentication Work? A Comprehensive Guide to the Future of Security

Discover how biometric authentication works, from fingerprints to facial recognition. Explore the technology, benefits, challenges, and its role in shaping the future of secure identity verification.

Engineering

Password Hashing: How to Pick the Right Hashing Function

Almost all popular online services use some form of hash technique to store passwords securely. In this post we cover the different hashing functions, best practices and how to pick the best one for your application and organisation.

Industry

Top Three Types of User Authentication

User Authentication is basically a security check that confirms who a user is before allowing them to access a system. There are many methods and options for adding user authentication to an application. This post discusses the top 3 types of user authentication and how to pick the right one for your use case.

Industry

Ditch the Password, Secure Your Accounts with YubiKey: The Future of Authentication is Here

In today's digital world, our online identities are more important than ever. Protecting them with strong passwords feels like a constant, uphill battle. But what if there was a better way? Enter the YubiKey, a powerful hardware authentication device that offers unmatched security and convenience.

Industry

OIDC vs. SAML: Decoding the SSO Showdown (And Why It Matters for Your Business)

Choosing the right Single Sign-On (SSO) solution for your business can feel like traversing a labyrinth of acronyms. Enter the two reigning champions: OIDC and SAML. Fear not, weary traveler, for this blog post will be your Rosetta Stone, demystifying the OIDC vs. SAML duel and equipping you to choose the victor for your digital kingdom.

Industry

Securing Your Enterprise: Why SOC 2 Compliance is the Key (and How Authentication Holds the Lock)

In today's data-driven world, where information is the lifeblood of business, trust is paramount. Enterprises entrust service providers with sensitive data, from customer records to financial transactions. But how can companies ensure their data is handled with the utmost security and privacy? Enter SOC 2 compliance, a powerful framework that sets the gold standard for data security practices.

Industry

Securing the Perimeterless: Dive Deep into Zero Trust Architecture with Continuous Authentication

The cost of digital vulnerabilities is staggering. In 2023 alone, cybercrime is estimated to cause $6 trillion in global damages, a figure expected to balloon to $10.5 trillion by 2025. Every minute, 117 new records are exposed in data breaches, with the average cost of a breach topping $4 million. Closer to home, 46% of all cyberattacks target businesses with fewer than 1,000 employees, illustrating the widespread reach of the threat.

Industry

Taming the Workforce Wild West: WIAM for Extended Workforces and Access Management for Frontline & Contractors

The modern workplace is no longer a nine-to-five saloon. It's a bustling frontier of diverse talent, from frontline staff to seasoned contractors. But managing their access? That's where things get dusty. Traditional WIAM solutions are like rickety stagecoaches – slow, clunky, and full of security holes.

Engineering

Add Social Login to Your Laravel Project Using any Provider

Social login allows users to log in to your website using their existing account on social sites like Facebook, Twitter (X), and Google. In this post, we show how to implement social login in a Laravel project using any social login provider.

Industry

Build vs Buy in 2023: Top Considerations for Choosing Identity Management Solution

Choosing between building or buying an identity management solution is not a straightforward decision. In this article, we'll dive into the key considerations that can guide this decision.

Engineering

Defend Against Broken Access Control: Protect Your Application Today

Discover how to prevent broken access control vulnerabilities and safeguard your application from unauthorized access. Learn about common attack types, prevention strategies, and expert guidance. Protect your business with our expert security solutions.

Engineering

What is OAuth 2.0 and How it Works

The evolution, mechanics, real-life applications and advantages of the secure OAuth 2.0 framework.

Engineering

Authentication for ASP.NET apps with Authgear and OpenID Connect

This blog post demonstrates how to add authentication features to ASP.NET apps with Authgear by implementing an OpenID Connect flow.

Engineering

Get Notified in Slack for Every New User Sign Up With Authgear

This article will guide you through the process of integrating Authgear's Hooks and Events with Slack to send immediate notifications in Slack when a new user signs up.

Engineering

Add Authentication to Any Web Page in 10 Minutes

This post demonstrates how to easily add authentication to any JavaScript Single Page Application (SPA) using Authgear.

Engineering

How Profile Enrichment can boost your product

Explore how enriching user profiles works, its benefits, and how you can enable it using Authgear to boost your product usage by understanding who your customers are.

Easy Passwordless Login Experience with Magic Links and Authgear

This post explores what magic links are and what you need to know to implement an email-powered login flow for your users with Authgear.

Engineering

Authentication for Spring Boot App with Authgear and OAuth2

Learn how to add authentication to your Java Spring Boot application using OAuth2 with Authgear as the Identity Provider.

Engineering

Simplifying Authentication Integration For Developers With Authgear SDKs

Authgear SDK libraries make it easy for developers to integrate and interact with Authgear.

Industry

What Is Identity as a Service (IdaaS) And Why Does Your Business Need It?

Learn more about identity as a service and how cloud-based IAM can provide better scalability, streamline access management, and deliver a smoother user experience.

Ben Cheng
Industry

How to Elevate Digital Customer Experience with CIAM?

Discover how CIAM solutions serve as the essential foundation to elevate digital customer experience, unlock seamless interactions and build customer loyalty.

Ben Cheng
Industry

Frictionless Authentication: What Is It & How To Implement It?

Learn more about frictionless authentication and how to achieve it with passwordless innovations, practical strategies, and forward-thinking approaches to enhance user experience and security.

Ben Cheng
Industry

What is Customer SSO and Why Should You Implement it?

Learn more about the advantages of Single Sign-On for your customers and how your business can benefit from a unified login experience.

Fung
Industry

Social Login - Why You Should Implement It

Learn how to easily enable social login in your website or app to increase conversion rate and deliver a smoother user experience.

Ben Cheng
Engineering

Password Spraying: What It Is and How to Prevent It?

Learn more about password spraying and the different methods to protect your users from it with Authgear.

Ben Cheng
Engineering

What Is Session Management: Threats and Best Practices

Session management is the process of handling interactions between a user and a web application. To understand its importance, consider that HTTP, the protocol underlying the web, is stateless. This means each request from a user is treated independently, and the server has no inherent way to remember or track a user's actions across multiple requests. Session management addresses this by creating a session—a series of related user interactions within a specific timeframe. By managing sessions effectively, web applications can maintain user state, personalize experiences, and enhance security. In this article, we'll delve into the complexities of session management, explore potential threats, and provide best practices to safeguard your web application.

Ben Cheng
Industry

Authentication vs. Authorization: The Differences in One Table

Learn more about the differences between authentication and authorization, two important security processes, with one simple table.

Ben Cheng
Industry

Insurance IAM: How It Helps Acquire More Clients and Facilitate Collaboration?

IAM does more than just enhance data security for insurance companies. It also helps insurers acquire and retain more users and facilitates collaboration with external team members. See how IAM achieves these with our guide.

Fung
Engineering

Credential Stuffing: What It Is and How to Prevent It?

Credential stuffing is a type of cyberattack involving the use of stolen credentials and bots to gain access to user accounts. Learn more about it and how to prevent it with Authgear.

Fung
Highlight

Broken Authentication: What Is It and How to Prevent It

Broken authentication is one of the OWASP Top 10 vulnerabilities that involves hackers impersonating users to compromise data security. See what the causes are and how to avoid broken authentication.

Fung
Industry

Extended Enterprise and Identity & Access Management: The Challenges & Solutions

Extended enterprise, including customers, partners, contractors, etc., poses some new identity & access challenges for businesses. Learn more about the challenges and solutions.

Industry

Authentication-as-a-Service: What Is It and Why You Need It

By integrating their apps or software with an authentication-as-a-service solution, businesses can provide frictionless signup/login experiences and more

Fung
Engineering

4 Things We Learned Supporting Passkeys

Passkeys have the potential to completely replace passwords, but they aren't perfect yet. Learn more about what you might encounter when supporting them.

Fung
Highlight

Passkeys Compatibility: Which Platforms Support Passkeys?

Passkeys are now supported by iOS, macOS, Chrome and Android. Learn more about passkeys and their compatibility with major browsers and platforms.

Fung
Industry

Tech Giants Take One Step Closer to a Future without Passwords

Apple, Google, and Microsoft have committed to make passwords a thing of the past, taking another step towards a future without passwords.

Fung
Industry

What Is SMS Authentication and Should You Implement It?

SMS authentication is one of the most common methods of authentication that verifies user identity via text messages.

Industry

Is SMS OTP Reliable? Its Vulnerabilities and Alternatives

Learn more about what makes SMS OTP so popular, how SMS OTP works, its risks, and alternatives to better protect your users.

Engineering

From Login to Lockdown: Building Secure Authenticated Applications

Master the art of building secure authenticated applications. Learn about authentication methods, access tokens, and implement robust security with Authgear. Your comprehensive guide to safeguarding user data.

Industry

How to Increase Marketing ROI with WhatsApp Marketing

Marketing on WhatsApp is a more cost-effective and efficient way to promote your brands, increase marketing ROI, and engage with your customers.

Industry

Why You Need Customer Identity and Access Management (CIAM)?

Customer Identity and Access Management (CIAM) does more than manage and verify users’ identities. See why you need a CIAM solution.

Industry

Sign Up Form Best Practices: Skyrocket Your App Conversion Rate

Explore the top 5 sign up page optimization techniques to maximize the sign up rate for your apps and grow your user base.

Industry

The Right to Erasure and How You Can Follow It for Your Apps

Under GDPR, users of mobile apps or software are entitled to have their data removed. This is known as the right to erasure or right to be forgotten.

Engineering

Password Hashing and Salting Explained

Learn more about password hashing and salting to better protect your users' passwords from malicious attacks.

Fung
Highlight

6 Tips to Strengthen Your Security: Authentication Best Practices Guide

Protect your web application and authentication server with expert guidance. Learn essential authentication best practices, including securing login processes, password management, and server protection. Discover how Authgear can simplify your authentication and enhance security.

Industry

Passwordless Authentication: All You Need to Know For Better Security

Learn more about why passwordless authentication has been adopted by all industries and how you can implement it with ease.

Industry

Biometric Authentication: Why Do Your Applications Need It in 2024?

Biometric authentication provides better data security and user experience for users. Learn more about the different biometric authentication methods.

Fung
Industry

In-App Account Deletion Required by App Store Starting June 30, 2022

Apple will soon require apps to allow users to initiate account deletion. Learn more about the upcoming policy and how you can prepare for it.

Industry

How to protect your users from automated attacks

Let’s explore the best ways to protect your users from the rapidly evolving menace of automated attacks.

Highlight

Session vs Token Authentication

Sessions and Tokens, which of these authentication methods best suits your website or application? Let’s find out.

Engineering

Password Reset Best Practices: Avoid Common Pitfalls and Secure Your Users

Discover essential password reset best practices to safeguard your authentication system. Learn how to prevent common security breaches, protect user data, and enhance user experience. Bolster your application's security with expert insights and actionable tips.

Industry

What Is Multi-Factor Authentication (MFA) And How Does It Work?

The fact is, if you aren’t using multi-factor authentication (MFA), then your accounts are not as secure as you think.

Integrations

Send OTP on WhatsApp 2022

OTPs are essential to verify transactions and logins. In Authgear, you can send OTPs with the messenger services your users are familiar with.
