SlashBlog

No-code anti-phishing protection of internal apps with Passkeys
Phishing is one of the most common causes of data breaches. According to Verizon's DBIR report, over 50% of incidents start with phishing or stolen credentials. WebAuthn/Passkeys are an effective way to stop phishing and credential stealing attempts on their tracks.


Firewalling OpenAI APIs: Data loss prevention and identity access control
Large Language Models (LLMs) have taken the world by storm, and they are now used for many tasks by consumers and enterprises alike. However, the risk of accidentally disclosing sensitive data to the models is very high as the recent Samsung case shown.


Ditch your organizations table
Suborgs make it effortless and secure to implement complex identity structures such as multi-tenancy B2B apps and multi sided marketplaces.


Protecting Exposed APIs: Avoid Data Leaks with SlashID Gate and OPA
Adequately protecting APIs is key to avoid data leaks and breaches.


Docusaurus - Authentication and authorization with SlashID
The latest docusaurus-slashid-login theme adds finer grained access control to your Docusaurus website.


Authenticate your Shopify customers with SlashID
The new SlashID Login app for Shopify lets your customers authenticate seamlessly using quick and safe methods like passkeys, social login and magic links.


Synchronous Webhooks
We are excited to release synchronous webhooks, the latest addition to our webhooks features.


SlashID Analytics Webhooks
We are excited to release SlashID analytics and webhooks, providing greater visibility and actionable insights into your authentication flows.


Passkeys - Threat modeling and implementation considerations
In this blog post, we review the current state of the technology from a security standpoint and we’ll discuss some critical aspects of passkey implementation.


Authentication flows with SlashID
Implement MFA and Step-Up Authentication in React applications with SlashID.


Using Google Tink to sign JWTs with ECDSA
In this blog post, we will show how the Tink cryptography library can be used to create, sign, and verify JSON Web Tokens (JWTs), as well as to manage the cryptographic keys for doing so.


React SDK support for <Groups>
With the latest React SDK release we are introducing a new control component, <Groups>. You can use <Groups> to conditionally render parts of the UI depending on whether the authenticated user belongs to specific Groups.


Sign-in and Sign-up React component release
Today we’re happy to announce the next step in that journey to deliver a streamlined, low friction onboarding experience to our customers with the release of our sign-up/sign-in form component.


Fetching Google Groups with SlashID SSO
Use SlashID to fetch Google Groups as part of a user authentication flow.


In-browser HSM-backed Encryption with Tink and Wasm
This post explores how to use Wasm to lift Tink to JavaScript and how you can leverage it to perform client-side encryption directly from the browser, backed with a master key stored in a HSM.


Official React SDK release
Today we’re excited to announce the public release of the official SlashID React SDK


Adding Identity to Docusaurus
Today we are releasing the docusaurus-slashid-login theme as well as a fork of docusaurus-openapi-docs.


Introducing Data Vault - Secure HSM-backed PII storage directly from the frontend
Today we are releasing Data Vault, which allows the safe and compliant storage of sensitive user data directly from the frontend.


Social logins in 5 minutes or less
Today we are releasing our OpenID Connect (OIDC) SSO module which you can use to add Social logins and OIDC-compatible SSO to your app in less than 5 minutes.


App-layer cryptographic primitives for secure storage of user data
In this blogpost we explore the cryptographic primitives and design decisions we made building our Data Vault module.


The good, the bad and the ugly of Apple Passkeys
The widely anticipated Apple passkeys launch happened just a few weeks ago with the iOS 16 release.


The Security and Regulatory Compliance Benefits of WebAuthn
The WebAuthn standard helps you stop phishing and account takeover (ATO) attacks while maintaining HIPAA and SCA compliance.


Phishing Attacks – WebAuthn to the rescue
Authentication token theft is on the rise, with the latest Uber breach demonstrating yet again the threat that it poses.
