Auth for business software (B2B) shouldn’t look the same as auth for consumer software (B2C). In many cases, it actually can’t work the same way.
Ned O'LearyA lot of modern software uses JSON Web Tokens, which encode data in Base64. It turns out that you can force the Base64 encoding to include certain long words.
Ned O'LearyPeople really don't like the way multi-factor authentication (MFA) works. It's a bad user experience. I designed some new, user-friendly MFA techniques.
Ned O'LearyI visited the login pages for each state’s Department of Motor Vehicles. Here are the worst ones.
Ned O'Leary2000s XML mania continues to hold modern software back. But there are lasting lessons we can still learn from it.
Ulysse CarionIf you're selling business software, you'll likely run into a customer that wants something called "SCIM." Here's what you need to know.
Ned O'LearyTimezones are weird. But only finitely so. Here's the exact conceptual model you should have of them.
Ulysse CarionGitLab and others are affected. The blame lies in the SAML specification, and in credulous engineers that implement it.
Ulysse CarionThe SAML spec is an absolute beast. We've each read it multiple times. Here's a simpler explanation.
Ned O'Leary