GitHub is tightening npm security by removing infected packages, enforcing two‑factor authentication for publishing, shortening token lifespans, and expanding trusted publishing to curb the Shai‑Hulud worm and protect the open‑source supply chain.
This guide walks you through seven practical SSH hardening techniques—from changing the default port and disabling password logins to deploying Fail2ban, IP whitelisting, connection limits, two‑factor authentication, and a honeypot—showing why each step matters and how to implement it securely.
This article explains the fundamentals of JSON Web Tokens (JWT), compares token‑based authentication with traditional session authentication, outlines common token security threats such as theft, replay, and forgery, and presents practical mitigation measures including HTTPS, encryption, secure storage, short expiration, MFA, and safe token refresh mechanisms.
This tutorial explains how to enhance SSH security by integrating Google Authenticator for two‑factor authentication, covering SSH basics, Google Authenticator overview, Linux installation steps, PAM configuration, client setup on Android, browsers, and Python, with complete command examples.
The article explains how fatigue attacks target Microsoft accounts by repeatedly sending login prompts, describes Microsoft's new numeric verification safeguard, and offers practical security measures such as changing passwords, using passkeys, switching to alternative authenticators, and updating the linked email to protect personal data.
Learn how to strengthen SSH logins by integrating Google Authenticator on Linux, covering the protocol basics, installing required packages, configuring PAM and sshd, generating secret keys, and using Android, browser, and Python clients for two‑factor authentication.
This article explains the TOTP algorithm behind time‑based one‑time passwords, outlines its security benefits and common use cases such as online logins, VPNs, and hardware tokens, and provides a practical Python implementation with code examples using the pyotp library.
This guide explains why GitHub’s 2FA setup may lack a China option, shows a JavaScript workaround that no longer works, and details the reliable method of completing verification using authenticator apps and a QR code.
This guide explains how to add two‑factor authentication to a Spring Security‑based Java web application using Google Authenticator, Authy, or a custom TOTP module, covering configuration, code implementation, and testing procedures.
This article explains how to add two‑factor authentication to a Spring Security‑based Java web application by integrating Google Authenticator, Authy, or a custom TOTP module, covering required dependencies, service implementations, security configuration, and testing procedures.
This article explains what brute‑force attacks are, why they threaten PHP applications, and presents three practical defenses—two‑factor authentication, enforced password policies, and brute‑force mitigation techniques—along with complete PHP code examples for each method.
Starting March 13, 2023, GitHub will enforce two‑factor authentication for all contributors, rolling out the requirement gradually based on activity and project impact, to strengthen the global software supply chain against account takeover attacks and align with broader cybersecurity policies.
GitHub announced that, starting in 2023, every code contributor must enable two‑factor authentication or lose the ability to push code, a move aimed at strengthening account security across its massive developer ecosystem despite low current adoption rates.
This guide outlines five practical SSH security measures—including two‑factor authentication, changing default settings, certificate‑based login, bastion host deployment, and firewall configuration—to significantly improve the baseline protection of Linux servers.
This guide walks you through installing PAM modules, generating Google Authenticator codes, configuring SSH and sudo for two-factor authentication, setting up Fail2ban to block brute-force attempts, and recovering from lockouts, providing all commands and configuration steps for a hardened Linux server.
This article examines common security risks such as brute‑force attacks, CAPTCHA bypass, login throttling, IP blocking, man‑in‑the‑middle threats, and outlines practical mitigation techniques including CAPTCHA, rate limiting, IP restrictions, mobile verification, HTTPS enforcement, and data encryption to harden web login functionality.
This article introduces Authelia, an open‑source authentication and authorization server that provides two‑factor authentication and single sign‑on, explains how it integrates with reverse proxies like Nginx, Traefik or HAProxy, outlines installation options, showcases its UI and key security features, and shares its GitHub statistics and link.
This article examines common security threats to login APIs such as brute‑force attacks, CAPTCHA bypass, IP blocking, and man‑in‑the‑middle attacks, and presents practical mitigation techniques including rate limiting, captcha, phone verification, HTTPS, and encrypted transmission to harden authentication systems.
This article outlines the most common web application security threats—including XSS, SQL injection, CSRF, transmission hijacking, credential leaks, brute‑force attacks, and token theft—and provides practical mitigation techniques such as proper escaping, CSP, parameterized queries, CSRF tokens, HTTPS, HSTS, HPKP, encrypted password storage, two‑factor authentication, and robust token handling.
The article outlines a WeChat‑based two‑factor authentication design that binds user accounts via QR codes, leverages WeChat push messages to avoid SMS reliability issues, addresses daily‑message limits and mobile scanning constraints, and demonstrates how this approach can enhance security while preserving a seamless user experience.
This tutorial explains how to protect SSH logins by installing Google Authenticator, generating a secret key, configuring PAM and sshd, and using an Android device to provide time‑based one‑time passwords, complete with installation commands, troubleshooting tips, and verification steps.
