Industry Insight

Two-factor authentication (2FA) is a form of multi-factor authentication (MFA), and is also known as two-step authentication or two-step verification. 2FA is a security measure that requires end-users to verify their identities through two types of identifiers to gain access to an application, system, or network. Think of your most recent login…

Being authentic is a high term of praise—if we think people are authentic, we believe them to be trustworthy, loyal, and dependable. There's a similar concept in computer security. Business networks are crucial to protect, so firms want only authorised people accessing them. In cybersecurity, authentication means verifying that a person or device…

What Is the Domain Name System (DNS)?  The domain name system (DNS) makes it possible for browsers, apps, and servers to load internet resources. Think of it like a phonebook—except instead of associating a person’s name with a phone number, it maps a domain name (e.g., okta.com) to an internet protocol (IP) address that can be understood by…

Microservices architecture, also known simply as “microservices,” is an approach to building software with modular services that are distinct and independent from each other.  In recent years, microservices have become a popular choice for designing and deploying applications. They allow apps to be broken into smaller and loosely coupled pieces …

SMS authentication—also known as SMS-based two-factor authentication (2FA) and SMS one-time password (OTP)—allows users to verify their identities with a code that is sent to them via text message. A form of two-factor authentication, it often acts as a second verifier for users to gain access to a network, system, or application, and is a good…

Viruses, spyware, and other malware can affect more than just desktop computers and laptops. Mobile devices are vulnerable as well. As the threat landscape continues to evolve, it’s important that we not only understand these risks—but how we can protect ourselves against them.  In this post, we’ll take a closer look at the mobile phone security…

API is an acronym that stands for “application programming interface,” and it allows apps to send information between each other. While there are numerous protocols and technologies involved, the underlying purpose of APIs is always the same: to let one piece of software communicate with another.  APIs (sometimes described as web services) work in…

Attribute-based access control (ABAC) is an authorisation model that evaluates attributes (or characteristics), rather than roles, to determine access. The purpose of ABAC is to protect objects such as data, network devices, and IT resources from unauthorised users and actions—those that don’t have “approved” characteristics as defined by an…

Magic links are a form of passwordless login. Instead of the user entering any login credentials to sign in, they are sent a URL with an embedded token via email, and sometimes via SMS. Once the user clicks that link to authenticate, they are redirected back to the application or system having successfully signed in—as if they used a “magic”…

Whether you’re building a new app or migrating a legacy app to the cloud, you face a choice: build everything in-house or selectively use out-of-the-box services to make the job easier and faster. Out-of-the-box services like Twilio, for messaging, and Braintree, for payments, have gained popularity because they help lean dev teams remain agile…