TPDP Episode #25: Securing Applications With A Second Factor Of Authentication

I am pleased to announce that the latest episode of The Polyglot Developer Podcast is now available on pretty much every popular podcast network. This episode, which is episode 25 of the show, is all about two-factor authentication (2FA) and the things you should be familiar with when it comes to implementing it in your web applications.

In this episode titled, Securing Applications with a Second Factor of Authentication, I’m joined by Luke Walker who is a Solutions Architect at Yubico. In case you’re unfamiliar, Yubico creates the very popular YubiKey which is often featured on technology news outlets as being an incredible hardware token for protecting users from malicious circumstances.

When it comes to 2FA, there are many approaches. These approaches can consist of SMS, push notifications, time-based one-time passwords, U2F, or even the new FIDO2. If you’re interested in learning about each, this episode of the podcast should give you some insight before you try to implement them.

TPDP Episode #24: Mobile Application Security

I’m pleased to announce that the latest episode of The Polyglot Developer Podcast titled, Mobile Application Security, has been published to iTunes, Pocket Casts, and every other major podcasting network that consumes the feed!

In this episode, which is the 24th episode of the show, I’m joined by first time guest, Rob Lauer, and returning guest TJ VanToll. Both of these guests work for Progress, which is the company behind NativeScript, and you’ll remember that episode 5 was strictly around getting to know what NativeScript has to offer. The focus of this episode isn’t around NativeScript, but around the security of your mobile applications. Just like with web applications, security is important with mobile, even if it isn’t talked about as much.

In this episode you’ll learn about protecting your application source code from reverse engineering, protecting your users data at rest, and securely transferring your data between remote web services.

Use A YubiKey For PGP Signing, Encryption, And Authentication

As you know, based on a few of the tutorials that I’ve published recently, I have a YubiKey that I’ve been learning how to take full advantage of. In previous tutorials I demonstrated how to implement U2F in your web application, but most YubiKey devices do so much more than just U2F authentication. For example, the YubiKey NEO and YubiKey 5 have support for U2F, FIDO2, OpenPGP, OTP, and a bunch of other crazy technologies.

In this tutorial, we’re going to explore using the YubiKey as a smart card for storing our PGP signing, encryption, and authentication subkeys.

Manage Passwords With GPG, The Command Line, And Pass

There are a lot of password managers on the market, some in the cloud, some local, all with features that may or may not be useful in all circumstances. I’m personally an advocate of being in control of your secure information and shedding reliance on closed source or cloud alternatives. This is why I use pass, the standard unix password manager.

The pass application is Mac and Linux compatible, but Windows support probably isn’t impossible. The application works by maintaining a list of password files that have been encrypted using GPG, a widely used cryptography software. Decrypting the files will result in access to your password information.

We’re going to take a look at using pass and see why it is a convenient option for password management.

TPDP Episode #15: Authorizing Access with OAuth

I am pleased to announce that the latest episode of The Polyglot Developer Podcast is now available to download from all the popular podcasting networks. In this episode titled, Authorizing Access with OAuth, I’m joined by Ryan Chenkie from Auth0 to talk about OAuth and how it can be used to authorize access to your data by third-party applications.

Episode #15 can be downloaded for free from iTunes, Pocket Casts, and every other popular network, but it can also be heard below.