As you know, based on a few of the tutorials that I’ve published recently, I have a YubiKey that I’ve been learning how to take full advantage of. In previous tutorials I demonstrated how to implement U2F in your web application, but most YubiKey devices do so much more than just U2F authentication. For example, the YubiKey NEO and YubiKey 5 have support for U2F, FIDO2, OpenPGP, OTP, and a bunch of other crazy technologies.
In this tutorial, we’re going to explore using the YubiKey as a smart card for storing our PGP signing, encryption, and authentication subkeys.
Not too long ago I had written a tutorial titled, U2F Authentication with a YubiKey Using Node.js and jQuery, which demonstrated how to use hardware keys as a means of universal two-factor (U2F) authentication. However, I had left some things to be desired in that previous post. For example, the previous tutorial did not use proper session management with Express.js and it used jQuery, which is neat, but is by no means as popular as some of the other web frameworks that currently exist.
About a week ago I had written about using HTTPS with Node.js and hinted at hardware based two-factor authentication as my reason for needing it. In case you’re unfamiliar with 2FA, there are numerous approaches ranging from HMAC-based one-time passwords (HOTP) and time-based one-time passwords (TOTP) which are software based, to the hardware based universal two-factor (U2F) standard.
If you’ve been keeping up with the blog, you’ll remember I had written a tutorial titled, Implement 2FA with Time-Based One-Time Passwords in a Node.js API, which focused on the software side of things. I recently picked up some YubiKey dongles and thought I’d try my luck with the hardware side of things.
In this tutorial, we’re going to see how to implement U2F functionality in our Node.js powered RESTful API and interact with the API and our hardware dongles using jQuery in the web browser.
You’re about to release your new Angular web app. It’s a photo sharing site and you want to test it, so you send a link to it to your hacker sister. She’s always messing with your stuff and she found out the URL to your admin page you added to your web app. Before you know it, she’s flushed your database using a button on that admin page that you didn’t restrict access to. Not a problem when using development data, but I’m sure your users wouldn’t be too keen on a service where they lost all of their data. Let’s fix that.
More than a year ago, before I started using Angular, I had written a tutorial on the topic of fingerprint authentication in a core NativeScript application. Since then, I’m doing almost all of my mobile development with Angular which means that the previous article deserves an upgrade.
I recently released a mobile application called Solar Flare for Cloudflare that protects your account with device level fingerprint authentication. We’re going to see how I included fingerprint authentication, sometimes referred to as Touch ID, in a NativeScript with Angular application.
Most, not all, mobile applications have some sense of users having accounts. This means that users need to register and sign into most mobile applications to get all the features the application has to offer. So how do you create an attractive and functional login and registration screen for your Android and iOS application?
We’re going to see how to create a registration and login screen with NativeScript and Angular that will get you to an end result of a protected page within your application.
Not too long ago I wrote about authenticating within a Node.js API using JSON Web Tokens (JWT). The basis of the example is around authenticating via a username and password and receiving a JWT for every future request against the API. While that example is incredibly useful and follows best practice, it doesn’t cover the scenario where you’d like to have a two-factor authentication (2FA) option for your users. In case you’re unfamiliar, 2FA is a second layer of protection for accounts made possible by a time-based token generated by a shared secret key.
We’re going to see how to add a two-factor authentication option to our Node.js API while continuing to use JSON Web Tokens.