Blog
Security
/ 8 Jan, 2025
Protecting against malicious OAuth 2.0 applications
Several Chrome extension developers were compromised in recent weeks by an attack seeking to create a backdoor in the extensions. The root cause of the breach was a phishing email that leveraged OAuth 2.0/OIDC to steal the user credentials. This blog post explores the details of such attacks and how SlashID can help detect them and contain the blast radius.


New Feature
/ 7 Nov, 2022
Introducing Data Vault - Secure HSM-backed PII storage directly from the frontend
Today we are releasing Data Vault, which allows the safe and compliant storage of sensitive user data directly from the frontend. Data Vault takes care of data localization and protection transparently, without having to build ad-hoc infrastructure to handle encryption or key management and rotation.



New Feature
/ 1 Nov, 2022
Social logins in 5 minutes or less
Today we are releasing our OpenID Connect (OIDC) SSO module which you can use to add Social logins and OIDC-compatible SSO to your app in less than 5 minutes. Social logins can significantly boost user registration - for instance, Pinterest reported a 47% registration increase after adding Google One Tap to their website.


Deep Dives
/ 20 Oct, 2022
App-layer cryptographic primitives for secure storage of user data
In this blog post we explore the cryptographic primitives and design decisions we made building our Data Vault module. Our service is a globally replicated, field-level encrypted data store that keeps user data safe and compliant with data protection laws while improving UX by decreasing latency through data locality.



Deep Dives
/ 23 Sep, 2022
The good, the bad and the ugly of Apple Passkeys
The widely anticipated Apple passkeys launch happened just a few weeks ago with the iOS 16 release. Passkeys are a cross-device extension of FIDO credentials compatible with WebAuthn. They address the main UX issue of WebAuthn: cross-device credentials. In this article we’ll explore the Apple passkeys implementation, how passkeys compare to traditional FIDO credentials, and why Apple's decision to get rid of device attestation and resident keys is a significant step back for security.


Compliance
/ 14 Sep, 2022
The Security and Regulatory Compliance Benefits of WebAuthn
The WebAuthn standard helps you stop phishing and account takeover (ATO) attacks while maintaining HIPAA and SCA compliance. WebAuthn is significantly safer than passwords, due to the way the keys are stored and because it prevents credential stuffing and reuse attacks.


Security
/ 12 Sep, 2022
Phishing Attacks – WebAuthn to the rescue
Authentication token theft is on the rise, with the latest Uber breach demonstrating yet again the threat that it poses. WebAuthn significantly reduces user experience friction and hence allows for more frequent authentication prompts, offsetting the need for long-lived tokens and significantly curbing the risk of phishing.
