ReBAC’s Back, Alright
Auth Thoughts is a monthly newsletter produced by Team Descope, the collective consciousness of everyone at Descope. Read on for a monthly roundup from the world of identity and authentication.
What do authorization and coffee beans have in common?
They are both better when they are fine-grained.
Please don’t stop reading the newsletter, we apologize for the bad joke, it has been a long year, etc. But seriously, flexible access control can be a godsend for developers and IT teams looking to provide users with a frictionless and secure experience (without needing 1000 different roles).
A few weeks ago, we launched Descope Fine-Grained Authorization to help customers easily add ReBAC and ABAC capabilities to their apps. With our SDKs and APIs, organizations can define and assign permissions based on relationships between entities, enabling them to set up authorization systems that can match the nuances of their business.
Check out Slavik Markovich’s announcement blog and Allen Zhou’s demo video to learn more about Descope Fine-Grained Authorization.
Descope changelog
To paraphrase a quote from Dory the forgetful fish: “Just keep shipping”. Here are some of the latest product updates from Descope:
Go Mach 2: Our Go SDK has broken the sound barrier with the release of the 2.0.0 SDK! Star the repo and read about the enhancements and breaking changes before migrating.
Error handling in Flows: Create custom user paths to deal with errors encountered in your user journey. Make your “unhappy flows” as happy as possible by providing users the right information and redirecting them appropriately.
Device fingerprinting enhancements: Add native fingerprinting capabilities in your Descope workflows. Collect signals to enable risk-based MFA processes (e.g. logging in from a new device or through a VPN).
Test your connectors: Test your third-party connectors right in the Descope console to cover all edge cases before you add them in production.
Keep an eye on our changelog for ongoing product announcements. Have questions? Join our community and visit the #ask-a-descoper channel.
Concept corner
We’re always happy to talk auth when given the chance. Here are some refreshers and best practices to keep in mind.
MFA prompt bombing 101. Prompt bombing allows attackers to bypass MFA protections by getting users to authenticate false MFA prompts. Generally, attackers do this by bombarding users with illegitimate requests. Learn how prompt bombing works.
Understanding step-up authentication. Step-up authentication is a process where the user is asked to provide additional evidence of their identity to access sensitive resources, perform higher-risk actions, or behave in other ways that deviate from their typical usage patterns. Learn when to use step-up authentication in your user journey.
Auth off the press
Here’s a recap of what’s been happening in the identity world over the past month.
AutoSpill attack steals credentials from Android password managers | BleepingComputer
Google OAuth is broken (sort of) | Truffle Security
Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login | The Hacker News
Meme of the month
Broken authentication is never funny, but we could all do with some gallows humor from time to time.
The meme above was posted on AuthTown, our open user community for app builders to come together and learn about authentication. We’d love to have you too!
Helpful resources
Thanks for reading Auth Thoughts! If you’d like any other updates from the world of identity and authentication included in this newsletter, please let us know in the comments below.
Here are some other links to have handy:
Sign up for a Descope Free Forever account if you want to use our authentication platform.
Auth Thoughts, if you want to share this newsletter with others.
Documentation, for Descope setup instructions, SDK code snippets, and more.
Passwordle, if you have 5 minutes to spare and like word games.
See you in 2024!