Auth for business software (B2B) shouldn’t look the same as auth for consumer software (B2C). In many cases, it actually can’t work the same way.
A lot of modern software uses JSON Web Tokens, whose header and payload are carried as Base64 (base64url) text. It turns out that you can choose the payload so that its Base64 encoding spells out certain long words.
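How that trick works, as an added example that is not code from the post: Base64 turns each 3-byte group into 4 characters independently, so a word made of base64url characters can be planted by lining it up inside a group, brute-forcing the group's remaining free characters, and insisting that every decoded byte is printable and legal inside a JSON string (so the JWT payload stays valid JSON). The JSON-safety restriction, the `{"name":"` framing and the sample words are this example's own assumptions; the search also reports words for which no alignment exists, which is why only "certain" words can be forced.

```python
import base64
import itertools
import string

# base64url alphabet, in the order the search tries candidate characters.
ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "-_"

# Bytes the carrier may contain: printable ASCII that can sit unescaped inside
# a JSON string literal (no '"', no backslash). This restriction is an
# assumption of this example; it keeps the JWT payload valid JSON.
ALLOWED = set(range(0x20, 0x7F)) - {ord('"'), ord("\\")}


def b64url(data: bytes) -> str:
    """base64url without '=' padding, the way JWT segments are encoded."""
    return base64.urlsafe_b64encode(data).decode("ascii").rstrip("=")


def find_json_safe_carrier(word: str):
    """Search for JSON-string-safe bytes whose base64url encoding contains
    `word`. Returns (offset, carrier) with b64url(carrier)[offset:] starting
    with `word`, or None if no alignment works.

    Each 4-character Base64 group decodes to 3 bytes on its own, so the word
    is slid over the four possible start positions inside a group, the unused
    characters of the first and last group are left free, and every group is
    solved independently by brute force over its free characters.
    """
    if any(c not in ALPHABET for c in word):
        raise ValueError("word must consist of base64url characters")
    for offset in range(4):
        pad = (-(offset + len(word))) % 4
        template = [None] * offset + list(word) + [None] * pad
        carrier = bytearray()
        for g in range(0, len(template), 4):
            group = template[g:g + 4]
            free = [i for i, c in enumerate(group) if c is None]
            solved = None
            for fill in itertools.product(ALPHABET, repeat=len(free)):
                chars = list(group)
                for i, c in zip(free, fill):
                    chars[i] = c
                chunk = base64.urlsafe_b64decode("".join(chars))
                if all(b in ALLOWED for b in chunk):
                    solved = chunk
                    break
            if solved is None:
                break  # this alignment is impossible; try the next offset
            carrier += solved
        else:
            return offset, bytes(carrier)
    return None


def build_payload(word: str):
    """Wrap the carrier in a JWT-style JSON payload so the word shows up in
    the encoded payload segment. The key name is an assumption of this
    example; what matters is that the prefix '{"name":"' is 9 bytes, a
    multiple of 3, so the carrier starts on a 4-character boundary of the
    encoding and keeps its alignment.
    Returns (payload_json, encoded_segment, index_of_word) or None."""
    hit = find_json_safe_carrier(word)
    if hit is None:
        return None
    offset, carrier = hit
    prefix = b'{"name":"'
    assert len(prefix) % 3 == 0
    payload = prefix + carrier + b'"}'
    encoded = b64url(payload)
    index = len(prefix) // 3 * 4 + offset
    assert encoded[index:index + len(word)] == word
    return payload.decode("ascii"), encoded, index


if __name__ == "__main__":
    # Constructed sample words: one that can be planted, one that cannot.
    for word in ("JWT", "AAAA"):
        result = build_payload(word)
        if result is None:
            print(f"{word!r}: no JSON-safe alignment exists")
        else:
            payload, encoded, index = result
            print(f"{word!r} at index {index}: {payload} -> {encoded}")
```

For "JWT" the search settles on the third position in a group and yields the payload `{"name":" 2VL  "}`, which encodes to `eyJuYW1lIjoiIDJWTCAgIn0` with the word at index 14; "AAAA" decodes to NUL bytes at every alignment, so no JSON-safe carrier exists for it.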
People really don't like the way multi-factor authentication (MFA) works. It's a bad user experience. I designed some new, user-friendly MFA techniques.
I visited the login pages for each state’s Department of Motor Vehicles. Here are the worst ones.
2000s XML mania continues to hold modern software back. But there are lasting lessons we can still learn from it.
If you're selling business software, you'll likely run into a customer that wants something called "SCIM." Here's what you need to know.
Timezones are weird. But only finitely so. Here's the exact conceptual model you should have of them.
GitLab and others are affected. The blame lies in the SAML specification, and in credulous engineers who implement it.
The SAML spec is an absolute beast. We've each read it multiple times. Here's a simpler explanation.