# Stytch - [LLMs Full](https://stytch.com/llms-full.txt): Full list of Stytch URLs for LLM crawling. - [Docs LLMs](https://stytch.com/docs/llms.txt): Key docs URLs for LLM indexing. - [Docs LLMs Full](https://stytch.com/docs/llms-full.txt): Complete docs URL set, including less prominent pages. - [We've moved!](https://stytch.com/blog/weve-moved/): Today, the Stytch team in SF officially moves into its new home at 555 Montgomery Street. - [Connected Apps](https://stytch.com/connected-apps): Enable your app as an IdP for secure cross-app integrations, data sharing, AI workflows, cross-device login, and app marketplaces—all with Stytch Connected Apps. - [Landing Email Magic Links in your user's inbox](https://stytch.com/blog/landing-email-magic-links/): Stytch Email Magic Links (EMLs) enable one-click email login to sites and applications. As one of Stytch’s most popular products, much of what makes EMLs “magic” for users is the seamless authentication experience of a simple click-through from their inbox. - [MCP authentication and authorization implementation guide](https://stytch.com/blog/MCP-authentication-and-authorization-guide/): A practical, end-to-end guide to implementing secure authentication and authorization for AI tools using the Method Calling Protocol (MCP) and OAuth 2.1. Covers discovery endpoints, token flows, user consent, permission checks, and real-world integration patterns for MCP servers. - [What are SAML assertions?](https://stytch.com/blog/saml-assertions/): In this article, we explore the XML structure and lifecycle of SAML assertions and how they’re used in authentication and authorization scenarios. You’ll also learn about the possible errors you might encounter when working with SAML assertions, and how to debug and troubleshoot these errors. - [Managing user sessions: localStorage vs sessionStorage vs cookies](https://stytch.com/blog/localstorage-vs-sessionstorage-vs-cookies/): In this article, we explore the differences, benefits, and drawbacks of using web storage and cookies to store auth data like sessions and tokens. - [How Apple’s passkeys just brought us one step closer to a passwordless internet](https://stytch.com/blog/what-apple-passkeys-mean-for-passwordless/): Apple announced their new passkeys feature, a next-gen approach to authentication that’s set to launch with iOS 16 and macOS Ventura this fall. - [Introducing the Stytch MCP Server](https://stytch.com/blog/stytch-mcp-server/): Stytch’s hosted MCP Server lets AI agents and developers configure OAuth auth flows programmatically—no dashboard required. Try it at mcp.stytch.dev. - [Introducing B2B Auth School](https://stytch.com/blog/intro-b2b-auth-school/): Introducing B2B Auth School, Stytch’s crash-course designed to help B2B companies’ uplevel their auth game and upmarket growth. - [Stytch Q3 wrap-up](https://stytch.com/blog/q3-wrap-up/): It was a busy summer at Stytch. Here’s a recap of key new products and features we released in the identity & access management space in Q3 2022. - [Engaging users with embedded authentication](https://stytch.com/blog/engaging-users-with-embedded-authentication/): Today, we’re launching a new product, Embeddable Magic Links, to give you the option to own even more of your login and user engagement experiences. - [It's a Stytchiversary! Meet Shane O'Neill!](https://stytch.com/blog/its-a-stytchiversary-meet-shane-oneill/): It's a Stytchiversary! Meet Shane O'Neill! - [Why email verification is crucial for B2B applications](https://stytch.com/blog/why-email-verification-is-crucial-for-b2b-apps/): Email varification protects businesses, their customers, and their sensitive data from a myriad of potential security threats. We will explore those threats and key considerations on how to verify email addresses in this article. - [Behind the scenes with Vessel: designing a brand for the first-ever passport for the internet](https://stytch.com/blog/designing-the-vessel-brand/): Vessel is a secure browser extension that works as a digital identity and multi-chain wallet rolled into one. - [What is a reverse proxy?](https://stytch.com/blog/what-is-a-reverse-proxy/): Explore the foundational role of reverse proxies in web security. Understand how they work in tandem with device fingerprinting to strengthen security and protect against advanced cyber threats while improving the user experience. Dive into the benefits and limitations, and learn how to integrate them into your security strategy. - [Introducing Passkeys authentication](https://stytch.com/blog/introducing-passkeys-authentication/): An overview of Stytch's passkey product, and the nuances in setting up passkey authentication today - [Vessel + Ratio: making crypto accessible](https://stytch.com/blog/vessel-ratio-making-crypto-accessible/): Ratio is on a mission to make crypto as accessible as possible, by making adding money to your crypto wallet as easy as adding money to Venmo or Cash App. - [SDK vs. API: What's the difference?](https://stytch.com/blog/what-is-an-api-what-is-an-sdk-and-whats-the-difference/): Modern software development kits (SDKs) and application programming interfaces (APIs) make it easier for developers to integrate key features and functionalities into their apps. - [How to prevent account takeover (ATO) and improve user authentication](https://stytch.com/blog/improve-user-authentication-to-prevent-data-breaches/): Learn how poor user authentication can lead to account takeover, and steps you can take to ensure your security and identity are protected and not at risk. - [Auth0 2024 Pricing Update: What They’re Hiding About the Real Cost](https://stytch.com/blog/auth0-2024-pricing-update/): Learn about Auth0’s recent 2024 pricing changes and how they impact enterprise and startup customers. Despite some promising updates, the new terms reveal several hidden costs and restrictions that could lead to significant price increases as your usage grows. - [An engineer’s guide to mobile biometrics: Android Keystore pitfalls and best practices](https://stytch.com/blog/android-keystore-pitfalls-and-best-practices/): In this article, we’ll show you the best practices and pitfalls when implementing mobile biometrics in the Android ecoystem. - [Announcing our seed round](https://stytch.com/blog/announcing-our-seed-round/): Announcing our seed round, a $6 million seed round led by Benchmark in the summer of 2020. - [Identity security: The key to access, compliance and trust in the digital era](https://stytch.com/blog/what-is-identity-security/): Learn all about identity security, and how to leverage it to protect your app from malicious actors. - [JWTs vs. sessions: which authentication approach is right for you?](https://stytch.com/blog/jwts-vs-sessions-which-is-right-for-you/): JWTs vs. sessions: which authentication approach is right for you? - [Stytch User Impersonation: Fast, secure troubleshooting](https://stytch.com/blog/stytch-user-impersonation/): Today, we’re excited to announce User Impersonation, allowing you to log in to your applications as a specific end user account to help you troubleshoot and debug securely. It's often challenging to reproduce complex customer issues, and sharing screenshots only gets you so far — now, with a click, you can securely log in as any user and directly interact with your application as them, giving your support teams a powerful tool for troubleshooting. User Impersonation also comes with granular access controls, including audit logs and a limited session length to ensure you can conduct investigations into bugs with secure safeguards. - [SAML example: what is SAML and how do you use It?](https://stytch.com/blog/saml-example-what-is-saml-and-how-do-you-use-it/): Learn how SAML single sign-on (SSO) works with real-world examples, including a full authentication flow using Microsoft Entra ID and Salesforce. Get step-by-step guidance, XML breakdowns, and implementation tips with sample code. - [Anatomy of a strong password](https://stytch.com/blog/strong-passwords/): A breakdown of what does and doesn’t make a strong password, and how you can protect your users with some simple, modern tooling. - [A founder's guide to hiring engineers](https://stytch.com/blog/a-founders-guide-to-hiring/): People are everything when it comes to building a company; here's how we think about hiring great people. - [Engineering the engineering team](https://stytch.com/blog/engineering-the-engineering-team/): On stage at Slush with Otto Hilska, Julianna Lamb, Stytch co-founder and CTO, unpacks the toolbox for building and leading engineering teams. - [Scalper bots: The box office boom no one wants](https://stytch.com/blog/scalper-bots/): These malicious bots are a significant threat that can mimic human users and disrupt online platforms by buying up products and tickets at an alarming rate. - [Connecting AI agents to every app](https://stytch.com/blog/connecting-ai-agents-to-every-app/): In a world increasingly driven by AI, applications are no longer just tools—they’re becoming platforms. Platforms that empower users, other apps, and now AI agents to collaborate seamlessly in ways we’re only beginning to understand. At Stytch, we’ve been thinking deeply about what it means for an app to open itself up as an Identity Provider (IdP), enabling AI agents to act on behalf of users in a secure, permissioned, and programmatic way. This vision is embodied in our Connected Apps product, a powerful and easy way for any application to become its own IdP and unleash new possibilities, both agentic and non-agentic. - [Migrate](https://stytch.com/migrate): Zero downtime migration, hands-on developer support, and a wide-range of tools and tutorials to help you easily switch to Stytch. - [Foundations of scalable B2B auth](https://stytch.com/blog/foundations-scalable-b2b-auth/): The foundations of your app's B2B auth solution can make or break your growth trajectory. Learn what to do, and what to avoid. - [How compromised passwords lead to data breaches](https://stytch.com/blog/how-compromised-passwords-lead-to-data-breaches/): Compromised passwords can lead to data breaches and hackers accessing personal information. Here are solutions to create strong passwords and authenticate users. - [Authentication vs. authorization: what you need to know](https://stytch.com/blog/authentication-vs-authorization/): Both authentication and authorization are critical for session management. Let's look at how they're different, and how they work together. - [IdP- vs SP-initiated SSO](https://stytch.com/blog/idp-vs-sp-sso/): IdP and SP initiated SSO may appear similar on the surface, but a few differences result in critical vulnerabilities for B2B customers. - [5 Lessons for founding designers: what I’ve learned in my first year at Stytch](https://stytch.com/blog/5-lessons-for-founding-designers/): I lead a seven-member design team that’s split across product design, brand design, and research and partners with just about every other department. - [Pricing](https://stytch.com/pricing): Build modern authentication in minutes with simple and flexible pricing that scales with your business. Get rewarded as you grow with Stytch today! - [What is device fingerprinting, and how does it work?](https://stytch.com/blog/what-is-device-fingerprinting/): Device fingerprinting is an increasingly popular way to prevent fraud by identifying devices that are accessing a website or application. - [One-Time Password (OTP) bots: what they are and how to stop them](https://stytch.com/blog/otp-bots/): Learn all about the bots that are enabling faster, more effective OTP hacking, and what you can do to stop them. - [Turned to Stytch for simple, streamlined authentication flows](https://stytch.com/customer-stories/gather): Virtual learning platform Gather streamlines authentication with Stytch’s flexible, frictionless solutions. - [From Auth0 to Stytch in just one week](https://stytch.com/customer-stories/orb): Learn how Orb, a developer platform that's revolutionizing billing, went from Auth0 to Stytch in just one week. - [What is SaaS integration and why should developers consider it?](https://stytch.com/blog/what-is-saas-integration/): This article delves into the capabilities, use cases and challenges of SaaS integration and what to look for in SaaS providers when building your own business or applications – especially for complex B2B and SaaS-centric projects leveraging many different SaaS solutions at scale. - [It's a Stytchiversary with Cass Roulund!](https://stytch.com/blog/its-a-stytchiversary-with-cass-roulund/): It's a Stytchiversary with Cass Roulund! - [What is OpenID Connect (OIDC)?](https://stytch.com/blog/what-is-openid-connect-oidc/): OIDC is an authentication layer built on top of the OAuth protocol used to power B2B auth solutions like SSO. Here's a full breakdown. - [Announcing Stytch's $90M Series B at a $1B Valuation](https://stytch.com/blog/announcing-series-b/): Announcing Stytch's $90M Series B at a $1B Valuation - [Browser fingerprinting: implementing fraud detection techniques in the era of AI](https://stytch.com/blog/browser-fingerprinting/): Discover how browser fingerprinting works, why it’s essential for modern fraud detection, and how to implement it effectively. Learn about the limitations of DIY JavaScript solutions, how AI-powered threats are evolving, and how Stytch provides a simpler, more secure alternative. - [What is SIM-swap scam, and how can you protect your users against one?](https://stytch.com/blog/sim-swapping/): Learn all about SIM-swap scams – an increasingly popular kind of attacks targeting the passwordless authentication method SMS OTPs. - [Unified mobile biometrics: ship faster, support everyone](https://stytch.com/blog/unified-mobile-biometrics/): Stytch’s pre-built mobile UI now comes with Touch ID, Face ID, and Android Biometric Prompt baked in. - [Designing Passwords in the Stytch SDKs](https://stytch.com/blog/designing-passwords-in-the-sdks/): We’ve built on our Passwords API by designing the corresponding UI in our SDKs, taking care of the end-to-end authentication flow so you don’t have to. - [It's a Stytchiversary with Jeremy Kaplan!](https://stytch.com/blog/its-a-stytchiversary-with-jeremy-kaplan/): It's a Stytchiversary with Jeremy Kaplan! - [Keycloak alternatives for enterprise authentication and identity management](https://stytch.com/blog/keycloak-alternatives/): In this article, we’ll briefly overview the benefits and challenges of open-source auth solutions like Keycloak, then dive into the world of closed-source alternatives offering more user-friendliness, support, and maintenance features. - [Enabling consent for AI agents & apps with Connected Apps](https://stytch.com/blog/connected-apps-consent/): Learn why granular consent controls are critical for securing third-party app and AI agent access. Stytch explores the risks of unmanaged OAuth tokens, and how Connected Apps and Organization App Policies give teams the visibility and control they need. - [The rise of cool APIs](https://stytch.com/blog/the-rise-of-cool-apis/): The surge of recent startups in the space, it’s clear that tomorrow’s tech companies will be powered by external APIs. - [Build vs. buy: what to consider when setting up an auth flow](https://stytch.com/blog/build-vs-buy/): Deciding whether to build new software and features in-house or buy an API or SDK solution from a third-party vendor is a question engineers face on a regular basis. - [Generating "humanlike" code for our backend SDKs](https://stytch.com/blog/generating-humanlike-code-for-our-backend-sdks/): In this article, we'll discuss what it takes to make computer-generated code feel "humanlike" for Stytch's backend SDKs. - [Launches no-code forms and flows with Stytch's turnkey solutions](https://stytch.com/customer-stories/feathery): Feathery launches no-code forms and flows with Stytch's turnkey solutions. - [Launched a new loyalty program for devoted charitable users by implementing auth](https://stytch.com/customer-stories/greater-good): Launched a new loyalty program for devoted charitable users by implementing auth. - [Competitor page - Firebase](https://stytch.com/stytch-vs-firebase): Build auth that feels native to your app and proactively removes fraud and abuse. - [Latest](https://stytch.com/blog/category/latest/): Read the latest from the Stytch team - [The journey to ISO 27001 certification](https://stytch.com/blog/iso-27001-certification/): A step-by-step guide to our journey to ISO 27001 certification – what it is, why it matters, and how to do it. - [Handling AI agent permissions](https://stytch.com/blog/handling-ai-agent-permissions/): How do you ensure an AI agent doesn’t overstep its bounds? What happens if it tries to modify something it shouldn’t or accesses sensitive data unintentionally? This article explores how AI agent permissions can go wrong when mishandled using example scenarios and outlines key best practices developers should implement to prevent them. - [B2B Authentication ](https://stytch.com/b2b): Increase conversion, security, and usability with Stytch's authentication platform, SDKs, and API. Easy to use — get started in minutes. - [What is WebAuthn?](https://stytch.com/blog/what-is-webauthn/): In our latest post, we go a level deeper on WebAuthn to share what it is, why it’s so exciting, and what are considerations for implementing it. - [Model Context Protocol (MCP): A comprehensive introduction for developers ](https://stytch.com/blog/model-context-protocol-introduction/): Model Context Protocol (MCP) is an open standard that bridges AI models with external data and services, allowing Large Language Models (LLMs) to make structured API calls in a consistent, secure way. This post will introduce MCP, explain why it’s valuable for connecting AI systems, compare it to existing approaches like ChatGPT plugins and manual API integrations, and dive into its recent support for OAuth-based authentication. We’ll also explore a bit of code to see MCP in action. - [Stytch honored with BuiltIn's 2023 Best Places to Work award](https://stytch.com/blog/stytch-builtin-2023-best-places-to-work-award/): Stytch is honored to be featured in BuiltIn's 2023 Best Places to Work Awards, for startup companies in both San Francisco and New York City. - [Webhooks security best practices](https://stytch.com/blog/webhooks-security-best-practices/): In this article, we’ll explore the most common webhook security best practices for handling webhooks in production. - [A developer’s guide to RFC 7519, part 1: JWT structure and claims](https://stytch.com/blog/rfc-7519-jwt-part-1/): This article series will cover everything you need to know about JWTs—from the foundational principles in RFC 7519 to example implementations in Node.js. In this first entry, we’ll break down what JWTs are, when to use them, and their data structure. - [Turns flexible and scalable auth into seamless logins for a growing startup community](https://stytch.com/customer-stories/contrary): Learn how a tech-forward venture fund scales its auth flows with Stytch's flexible product suite. - [B2B SaaS applications: A comprehensive overview](https://stytch.com/blog/b2b-saas-applications-a-comprehensive-overview/): Explore the intricacies of building B2B SaaS applications with a focus on the essential technologies like cloud services, APIs, and DevOps strategies that drive scalable, secure solutions. This comprehensive guide delves into overcoming development challenges and harnessing trends like AI and serverless computing to innovate in the B2B SaaS space. - [How just-in-time authentication boosts security and conversion](https://stytch.com/blog/how-just-in-time-authentication-boosts-security-and-conversion/): How just-in-time authentication boosts security and conversion - [How we (re)made Passwords for next-generation auth](https://stytch.com/blog/making-of-passwords/): Take a look behind the scenes at Stytch, and discover how we built our new Passwords solution to reduce friction and improve security online. - [Admin Portal](https://stytch.com/admin-portal): Increase conversion, security, and usability with Stytch's authentication platform, SDKs, and API. Easy to use — get started in minutes. - [SAML certificates explained](https://stytch.com/blog/saml-certificates/): In this article, you’ll learn about SAML certificates and how identity providers and service providers use them to maintain the integrity and authenticity of SAML messages. We’ll also explore the structure of SAML certificates to show you how signing certificates may differ from encryption certificates based on key usage. - [What is attribute-based access control (ABAC)](https://stytch.com/blog/what-is-abac/): Explore attribute-based access control (ABAC) in our post: understand its architecture, core principles, use cases, and challenges. - [Auth0 reviews: Why developers migrate from Auth0 to Stytch](https://stytch.com/blog/auth0-reviews/): In this article, we’ve compiled some of the most common reasons why developers migrate from Auth0 to Stytch for authentication. We’ve collected and cited comments from blog posts, Reddit, Twitter, Hacker News, G2, StackOverflow, and Auth0’s community forum to bring you unfiltered opinions from actual Auth0 developers on why they made the switch—in their own words. - [Campaign LP: DIY Auth](https://stytch.com/lp/campaign-diyauth): Explore how modern teams are replacing homegrown auth with scalable, agent-ready solutions. Book a call to learn more and claim your custom brick mini-me. - [The importance of investing in unphishable authentication](https://stytch.com/blog/investing-in-unphishable-authentication/): Learn how unphishable MFA like WebAuthn can help you prevent the data breaches like the ones that recently targeted Uber, Twilio, and Okta. - [So you want to write an Engineering career ladder?](https://stytch.com/blog/engineering-levels/): So you want to write an Engineering career ladder? - [What is TOTP and why does it matter?](https://stytch.com/blog/what-is-totp/): TOTP stands for time-based one-time passcodes. Learn about why it’s an important two-factor authentication option to uplevel your app’s security. - [FinanceNow demo app - powered by Argyle, Unit, and Stytch](https://stytch.com/blog/financenow-app-powered-by-argyle-unit-and-stytch/): When Argyle, a startup building amazing tooling for developers around employment and income data, reached out to Stytch with some login flow questions for a new demo app they were working on, we knew we had to partner with them. - [Do passkeys live up to the hype?](https://stytch.com/blog/passkeys-hype/): Do passkeys live up to the hype? - [Stytch Talks with Enzo Avigo: Building a high-performing B2B sign up flow](https://stytch.com/blog/stytch-talks-with-june-analytics/): Discover top insights from our recent webinar on the value of optimized onboarding, with June Analytics CEO and co-founder Enzo Avigo. - [Stytch Fraud & Risk Prevention: Intelligent Rate Limiting, real-time monitoring, and more](https://stytch.com/blog/stytch-fraud-and-risk-prevention-major-enhancements/): To kick off Launch Week, we’re excited to announce several major enhancements to Stytch’s Fraud and Risk Prevention solution, providing even stronger security for your app and users while making the platform easier to use. These new features improve on what is already the most accurate and sophisticated fraud and risk prevention platform available. - [Bingrui Tang](https://stytch.com/blog/bingrui-tang/): Bing joined us one year ago and we couldn't be more excited to celebrate her and her contributions to building Stytch's product and culture. - [SSO](https://stytch.com/lp/sso): Enable SSO for your app. Any identity provider. One integration. - [Authentication as a service: Launch faster with stronger security](https://stytch.com/blog/authentication-as-a-service/): Authentication as a service (AaaS) is an authentication platform that you can build on, providing an evolving toolkit of industry-standard, best-practices security technologies that are developed, tested, and maintained by teams of authentication, security, and identity management experts. - [jwts.dev: decode and learn about JWTs in one place](https://stytch.com/blog/jwts-dev-hackathon/): Check out jwts.dev, a site that lets you instantly see what’s hiding inside your JWTs—no shell scripts, no copy-paste decoder workarounds. - [What is fraud prevention?](https://stytch.com/blog/what-is-fraud-prevention/): Learn about the latest developments in cyber fraud, how AI is changing the landscape, and how you can protect your company and customers. - [Balancing security and adoption: preventing account takeover fraud with multi-factor authentication](https://stytch.com/blog/prevent-account-takeover-with-multi-factor-authentication/): Find out how to strike the right balance between keeping your users' data safe and making it easy for them to log in using multi-factor authentication. - [Introducing Log in with Ethereum](https://stytch.com/blog/introducing-log-in-with-ethereum/): Unlock Web3 via Stytch without having to touch a blockchain. - [Unpacking MACH architecture: The future of SaaS development](https://stytch.com/blog/mach-architecture/): Learn about the components of MACH architecture—Microservices, API-first, Cloud-native, Headless—and their impact on SaaS applications. Read how to create agile, scalable, and composable software environments fit for the digital age. Discover the challenges and strategic approaches to MACH adoption, and see how Stytch's authentication platform exemplifies MACH's innovative ethos. - [Stytch Terraform: Now generally available](https://stytch.com/blog/stytch-terraform/): Our Terraform Provider is now v1.0 and officially in GA. This launch makes it easy for teams to automate and scale their identity infrastructure with greater control and flexibility. These features allow you to programmatically manage your Stytch projects via Hashicorp’s Terraform so you don’t have to manually rely on the Stytch Dashboard. You can create new projects, set project password configs, manage public tokens and secrets, or even update your RBAC policy. - [Beating back bot fraud in 2024](https://stytch.com/blog/beating-back-bot-fraud-in-2024/): Understand what bot fraud looks like 2024 and how to prevent it. Dive into various bot fraud types, from account takeovers to fake reviews,Explore what bot fraud might look like in 2024. and understand their impact on businesses. Discover advanced techniques and solutions, like Stytch's bot-resistant authentication, to combat these digital threats effectively. Stay ahead in the fight against bot fraud with our comprehensive analysis and expert insights. - [Securing AI against bot attacks](https://stytch.com/blog/securing-ai-against-bot-attacks/): AI apps like ChatGPT open a world of possibilities – and a world of potential fraud. Luckily, there some tools available today that can help. - [npm-audit for MCP security: A deep-dive on mcp-scan](https://stytch.com/blog/mcp-scan/): Secure the agent supply chain: mcp‑scan hash‑pins every MCP tool, flags malicious changes, and stops threats with a three‑line CI check - [What are one-time passcodes (OTPs)?](https://stytch.com/blog/what-are-otps/): Learn how one-time passcodes (OTPs) can verify a user’s identity without the hassles of a traditional password. - [An introduction to WebAuthn](https://stytch.com/blog/an-introduction-to-webauthn/): “WebAuthn” is one of the most exciting passwordless technologies available to developers and users. - [Account Creation Abuse](https://stytch.com/lp/account-creation-abuse): Complete authentication, authorization and security for AI Agents & LLMs—to prepare your app for what’s next. - [Home](https://stytch.com/home): APIs and SDKs to integrate authentication and security into your app. - [Extending authorization code flows with PKCE](https://stytch.com/blog/authorization-code-flow-with-pkce/): Understand how to enhance security by extending the OAuth 2.0 authorization code flow with PKCE (Proof Key for Code Exchange). - [Stopping an account takeover before it takes a toll](https://stytch.com/blog/account-takeover/): Learn how to prevent and detect account takeover (ATO) attacks, a serious cyber threat where criminals gain unauthorized access to user credentials. This blog explores the evolution of ATO attacks in the AI era, details common techniques like phishing and malware, and offers solutions like multi-factor authentication and strong password policies to enhance security. - [How to securely implement M2M authentication and authorization in Node.js using Stytch](https://stytch.com/blog/how-to-implement-m2m-authentication-and-authorization-in-node-js-using-stytch/): Step-by-step guide: Implementing M2M authentication and authorization in Node.js, using Stytch as OAuth 2.0 server and IDP. - [Privacy Policy](https://stytch.com/legal/privacy-policy): Stytch Privacy Policy - [MCP and OAuth Dynamic Client Registration](https://stytch.com/blog/mcp-oauth-dynamic-client-registration/): The Model Context Protocol (MCP) is quickly becoming the connective tissue between AI agents and the external tools or data they interact with. But with that flexibility comes a need for strong security: How do you make sure that any AI agent trying to connect to your MCP server is trustworthy? And how do you do this in a scalable way when new agents are constantly being created? That’s where OAuth 2.0’s Dynamic Client Registration comes in, which is officially supported in MCP authorization specification. In this post, we’ll explain what Dynamic Client Registration is, how it works, and why it’s essential for authentication between MCP servers and AI agents. - [A founder’s guide to raising your seed round](https://stytch.com/blog/a-founders-guide-to-raising-your-seed-round/): Stytch co-founder and CEO Reed McGinley-Stempel shares his advice on raising your seed round - [SCIM API: Your comprehensive guide and introduction](https://stytch.com/blog/scim-api-your-comprehensive-guide-and-introduction/): The SCIM (System for Cross-domain Identity Management) API is an open RESTful specification that supports standard CRUD operations which can be used to synchronize identity resources across multiple independent systems or domains. - [AI agent security explained](https://stytch.com/blog/ai-agent-security-explained/): Best practices for integrating AI agents into your project and securing against malicious agents - [It's a Stytchiversary! Meet Nikhil Dilip, software engineer](https://stytch.com/blog/stytch-spotlight-nikhil-dilip/): It's a Stytchiversary! Meet Nikhil Dilip, software engineer - [Introducing B2B Authentication](https://stytch.com/blog/introducing-b2b-authentication/): Introducing B2B Authentication - [Grace Baelen-King](https://stytch.com/blog/grace-baelen-king/): Today is a special day, a year ago Stytch became a real team when Grace joined as our first hire! - [TOTP vs SMS: Which one is better for two-factor authentication (2FA)?](https://stytch.com/blog/totp-vs-sms/): A side-by-side look at SMS one-time passcodes vs. time-based one-time-passcodes, and how to choose the right 2FA method for your product. - [Apply by API: Making job applications developer-focused](https://stytch.com/blog/apply-by-api/): Apply to any job at Stytch by sending a simple cURL straight from your terminal. - [Nathan Chiu](https://stytch.com/blog/nathan-chiu/): We're celebrating another Stytchiversary; Nathan joined us a year ago as a product engineer. - [OAuth for MCP explained with a real-world example](https://stytch.com/blog/oauth-for-mcp-explained-with-a-real-world-example/): Learn how the Model Context Protocol (MCP) uses OAuth 2.0 to give AI agents secure, user-consented access to apps and APIs. This deep dive walks through the full authorization flow, explains real-world implementation with Stytch, and shows how to future-proof agent integrations with scoped tokens and dynamic registration - [Optimized their user (and developer) experience with simple one-click logins](https://stytch.com/customer-stories/chessly): Learn how an online chess platform enhanced their user experience and reduced auth-related workloads with Stytch’s integrated product suite. - [What is passwordless authentication?](https://stytch.com/blog/what-is-passwordless-authentication/): Learn how the advanced cybersecurity of passwordless authentication can manage user access without the security and UX risks of a password. - [Built a unified borrower experience with seamless, end-to-end auth](https://stytch.com/customer-stories/flatiron): Learn how an alternative real-estate lender unified their borrower experience with Stytch’s seamless, full-service auth. - [Competitor landing page - WorkOS](https://stytch.com/lp/workos): Build multi-tenant auth purpose built for hyperscaling B2B SaaS. - [What is SOC 1 Type 2?](https://stytch.com/blog/what-is-soc-1-type-2/): An overview of SOC reports, and the specific importance of SOC 1 Type 2 for service organizations and applications. - [What is the purpose of a refresh token?](https://stytch.com/blog/what-are-refresh-tokens/): A look at refresh tokens in authentication flows – when to use them, security risks to look out for, and best practices for implementation. - [10 common cyber attacks](https://stytch.com/blog/10-common-cyber-attacks/): Learn which types of cyber attacks are most likely to target your platform — and what you can do to prevent them. - [Argon2 vs bcrypt vs. scrypt: which hashing algorithm is right for you?](https://stytch.com/blog/argon2-vs-bcrypt-vs-scrypt/): A look at the hashing algorithms Argon2, bcrypt, and scrypt – their benefits, differences, and how to choose the right one for your product. - [An engineer's guide to mobile biometrics: event- vs result-based](https://stytch.com/blog/biometrics-event-vs-result-based/): An engineer's deep dive into mobile biometrics, part two: looking at the implications of event- vs result-based architecture. - [Introducing IsAgent: understand and support AI agents using your site](https://stytch.com/blog/introducing-is-agent/): We’re excited to announce IsAgent, a lightweight tool that helps you identify agentic and programmatic traffic—like LLMs, bots, and browser automations—on your site. - [Log in with Passkeys: an example app using React and Stytch’s frontend SDK](https://stytch.com/blog/log-in-with-passkeys-an-example-app/): In this article, we’ll walk you through a React example app that can log in users in with passkeys, powered by the Stytch frontend SDK and its pre-built UI components. - [Authentication bypass vulnerabilities in node-saml](https://stytch.com/blog/authentication-bypass-in-node-saml/): Authentication bypass in node-saml vulnerability post mortem - [MCP authentication and authorization servers](https://stytch.com/blog/mcp-authentication-and-authorization-servers/): The Model Context Protocol (MCP) is an open standard that bridges LLM models with external data, API, and services. But how do we enable this kind of connectivity without compromising on security or proper authentication best practices? In this post, we’ll cover how authentication works in MCP, the responsibilities of each component, and the key piece that often goes unnoticed—the authorization server. - [Application security in the age of artificial intelligence: adapting to new challenges and opportunities](https://stytch.com/blog/application-security-in-the-age-of-ai/): Recent leaps in AI technology may be exciting for consumers, but they're equally exciting for hackers. Learn how to protect your product. - [Switched to Stytch’s flexible flows in only 4 days](https://stytch.com/customer-stories/boletomovil): Boletomóvil uses Stytch's WhatsApp and SMS passcodes to create a seamless login experience, boosting conversions and delighting users. - [Go big or go home: why it’s never too early to think about enterprise](https://stytch.com/blog/building-for-enterprise-sales/): Enterprise selling requires more than adding a new tier to your pricing page. Here are 5 things you can do today to make the shift into enterprise sales. - [If an AI agent can’t figure out how your API works, neither can your users](https://stytch.com/blog/if-an-ai-agent-cant-figure-out-how-your-api-works-neither-can-your-users/): Discover how LLM‑powered agents act as tireless API testers—exposing friction in docs, errors, and design—and learn six essential strategies (consistency, comprehensive docs, rich errors, example‑driven tutorials, simplicity, and feedback loops) to elevate your API’s developer experience for both humans and machines alike. - [Building an MCP server with OAuth and Cloudflare Workers](https://stytch.com/blog/building-an-mcp-server-oauth-cloudflare-workers/): This article will guide you through how to secure a Model Context Protocol (MCP) server with OAuth for authentication. MCP builds on the robust and widely adopted OAuth standard, allowing users to log in, review requested permissions, and explicitly authorize agents to act on their behalf. We’ll explore a full-stack app with a REST API and an MCP server that uses OAuth for authentication and dynamic client registration to connect to an MCP client—all powering a simple todo list application that’s accessible to both users and AI agents. - [Trusted Auth Tokens: handle any custom auth flow in minutes](https://stytch.com/blog/trusted-auth-tokens/): Easily turn any trusted JWT into a Stytch session with Trusted Auth Tokens—support custom auth standards, speed up integrations, and simplify session management. - [Stytch’s new Javascript SDK](https://stytch.com/blog/stytchs-new-javascript-sdk/): Today, we’re launching our updated JavaScript SDK, a flexible and friendly way to get up and running with Stytch that dramatically reduces the amount of backend code you need to write. - [Rebranding Stytch: A new look for the future of auth and security](https://stytch.com/blog/rebranding-stytch/): Rebranding is much more than just a fresh coat of paint or a shiny new logo—it’s a reflection of where a company has been, where it’s going, and most importantly, how it wants to connect with the people it serves. For Stytch, our recent rebrand represents a step forward not just in design, but in our mission to make authentication simple, secure, and more scalable for everyone. Here’s a look behind the scenes of our rebranding journey and why we believe it’s a milestone worth sharing. - [What is Security Assertion Markup Language (SAML) and how does it work?](https://stytch.com/blog/what-is-saml/): Learn all about Security Assertion Markup Language (SAML) – its history, its benefits, basic code anatomy, and how it actually works. - [Step-up versus multi-factor authentication (MFA)](https://stytch.com/blog/step-up-auth-vs-mfa/): Learn how businesses strive to protect user data with two primary forms of authentication, step-up and multi-factor, and the differences of each. - [Stytch Component Playground: a live UI builder for your next login flow](https://stytch.com/blog/stytch-component-playground/): Introducing the Component Playground—an interactive builder baked into our docs that lets you theme, preview, and copy production-ready UI in minutes. - [What is an enumeration attack?](https://stytch.com/blog/what-is-an-enumeration-attack/): Enumeration attacks are a kind of brute force or credential stuffing attack – the good news is, they’re very preventable. - [SEM LP: Auth0](https://stytch.com/lp/auth0): Build auth that feels native to your app and proactively removes fraud and abuse. - [Stytch + Cerbos + FastAPI: Flexible authentication meets decoupled role and access management](https://stytch.com/blog/stytch-cerbos-demo/): Excited to share this demo by SCerbos that shows how to combine Stytch's authentication solutions with their stateless authorization. - [What is a SAML service provider? How to integrate your app with enterprise Single Sign-On](https://stytch.com/blog/what-is-a-saml-service-provider/): A SAML service provider is a key component of enterprise single sign-on authentication, allowing businesses to integrate your app into their existing authentication system. SAML enables the link between an identity provider and different service providers by sharing authentication information in a standardized format. Adding SAML support to your enterprise app or service can greatly broaden its potential user base, and it is a key requirement for many businesses seeking new SaaS tools. This article explains SAML and what you need to implement a SAML service provider. - [SAML vs LDAP: What's the difference?](https://stytch.com/blog/saml-vs-ldap/): SAML (Security Assertion Markup Language) and LDAP (Lightweight Directory Access Protocol) are both user authentication protocols, but their application and use cases are largely different. - [Anti-spoofing tools and techniques ](https://stytch.com/blog/anti-spoofing/): In this article, we’ll overview preventative anti-spoofing measures, their role in data security, as well as recommend some practical solutions to help you combat them. - [Web3 and the future of data portability: rethinking user experiences and incentives on the internet](https://stytch.com/blog/web3-and-the-future-of-data-portability/): Web3’s fundamental improvements to data portability and user authentication enable new, exciting experiences, but solvable shortcomings remain. - [SSO protocols: SAML vs. OIDC](https://stytch.com/blog/sso-saml-vs-oidc/): SAML and OIDC are the two most common protocols for single sign on. It's important to understand their differences when building auth for B2B. - [Build a custom client portal on Airtable using Sequin, Stytch and Next.js](https://stytch.com/blog/build-custom-client-portal-on-airtable-using-sequin-with-next-js/): Build a custom client portal on Airtable using Sequin, Stytch and Next.js - [SEM LP: Auth0 Pricing](https://stytch.com/lp/auth0-pricing): Build auth that feels native to your app and proactively removes fraud and abuse, all at a lower price. - [Introducing Vessel, powered by Stytch](https://stytch.com/blog/introducing-vessel-powered-by-stytch/): Today we’re proud to launch our first consumer-facing authentication solution: Vessel, powered by Stytch. - [Clearbit accelerates development by replacing in-house auth with Stytch](https://stytch.com/customer-stories/clearbit): Learn how Clearbit (acquired by HubSpot), a B2B data intelligence company, accelerated development by replacing in-house auth with Stytch. - [How to secure model-agent interactions against MCP vulnerabilities](https://stytch.com/blog/mcp-vulnerabilities/): Find out about the top MCP vulnerabilities in 2025 and how you can harden your AI toolchain against them. - [What Is Anonymous Visitor Identification? How to Identify Visitors to your Website or App](https://stytch.com/blog/what-is-anonymous-visitor-identification/): This article explains why it is important to identify website users and explores the processes and technologies you need to implement to make sure that as many visitors as possible are correctly identified. This will let you take the right actions to protect your online assets from hacking attempts, fraud, account abuse, and other malicious activity — without disrupting your regular users. - [What is a common indicator of a phishing attempt?](https://stytch.com/blog/what-is-a-common-indicator-of-a-phishing-attempt/): What is a common indicator of a phishing attempt? - [Announcing our SOC 2 Type II](https://stytch.com/blog/announcing-our-soc-2-type-ii/): Today, we’re excited to announce that Stytch has officially received our SOC 2 Type II certification. - [Auth0 pricing (and four other reasons to choose Stytch)](https://stytch.com/blog/why-stytch-over-auth0/): One of the most common questions we're asked by developers is: "Why should we choose Stytch vs. Auth0?" - [Auth0's Security Incidents: How JWT Vulnerabilities Have Repeatedly Impacted the Platform](https://stytch.com/blog/auth0-security-incidents/): Auth0, a well-known authentication and authorization platform, has experienced its fair share of security incidents, one of the most significant being the alg:nonE re-bug. - [OAuth 2.1 vs 2.0: What developers need to know](https://stytch.com/blog/oauth-2-1-vs-2-0/): Enter OAuth 2.1, an update that consolidates a decade of best practices and lessons learned from the soon-to-be outdated OAuth 2.0 protocol. In this guide, we’ll break down what OAuth 2.1 changes, why it matters, and how to implement its improvements in your own authentication and authorization flows. - [What is SCIM and how does it work?](https://stytch.com/blog/what-is-scim-and-how-does-it-work/): In this article, you’ll learn about the SCIM protocol and how SCIM auto-provisioning works. We’ll explore some examples and use cases of the protocol, and discuss how you can implement SCIM as an enterprise SaaS provider without wasting valuable engineering time and resources. - [Competitor page - Cognito](https://stytch.com/stytch-vs-cognito): Build auth that feels native to your app and proactively removes fraud and abuse. - [AI agent fraud: key attack vectors and how to defend against them](https://stytch.com/blog/ai-agent-fraud/): AI agents are transforming how apps operate—and how attackers exploit them. This guide breaks down the most critical AI agent fraud tactics, from prompt injection to deepfake impersonation, and offers clear strategies for defending against each threat. - [AI Memory with Boundaries: How Spydr Used Stytch to Power their MCP Server](https://stytch.com/customer-stories/spydr): Learn how Spydr Used Stytch to Power their MCP Server - [What is single sign on (SSO) and how does it work?](https://stytch.com/blog/single-sign-on-sso/): Single sign on (SSO) allows members of an organization to access all their apps and services with one set of auth credentials. - [SAML Shield](https://stytch.com/blog/category/samlshield/): Read the latest from the Stytch team - [Consumer Authentication](https://stytch.com/b2c): Build consumer authentication that feels like a seamless part of your app. - [What is unphishable MFA?](https://stytch.com/blog/what-is-unphishable-mfa/): Not all MFA are created equal. Learn how unphishable MFA stops phishing scams in their tracks and keeps your app and user data secure. - [Top strategies to prevent web scraping and protect your data](https://stytch.com/blog/web-scraping/): In this article, we'll go over what web scraping is, its legitimate uses, as well as how it's used for fraud and the top strategies you can implement to safeguard your data from these automated threats. - [The remote dev decision: part one](https://stytch.com/blog/remote-dev-1/): A look at how Stytch decided to migrate to a remote development environment: pros, cons, and the longtail payoff. - [Stytch Embedded Auth vs. Auth0 Universal Login](https://stytch.com/blog/embedded-auth-vs-universal-login/): Designing an effective authentication experience is crucial for ensuring both security and a seamless user journey. One of the key implementation decisions you'll make is choosing between an embedded authentication or universal login architecture. - [Integrating SAML Single Sign-On with Python, Okta, and Stytch](https://stytch.com/blog/integrating-saml-sso-with-python-okta-stytch/): This article will teach you how to set up a SAML SSO login flow using Python with Flask and Stytch. - [Fraud](https://stytch.com/fraud): Stop bots, fraud and abuse with industry-leading accuracy - [Delivered uncompromised UX and improved security with Stytch's backend SDKs](https://stytch.com/customer-stories/delicious-simplicity): Delivered uncompromised UX and improved security with Stytch's backend SDKs. - [What is password hashing?](https://stytch.com/blog/what-is-password-hashing/): Password hashing is a strategy to ensure that passwords are stored securely. In this blog post, we’ll explain what password hashing is, why it’s important, and how Stytch's hashing process helps make our Passwords product as modern and secure as possible. - [Choosing a B2B auth provider](https://stytch.com/blog/choosing-a-b2b-auth-provider/): A step-by-step rundown of what you need to know and what you need to ask when choosing an auth provider for your B2B app - [Make a memorable first impression with messaging from Enveloop + Stytch](https://stytch.com/blog/enveloop-stytch/): Learn how to create beautiful, customer emails that increase engagement and boost conversion by integrating with Enveloop and Stytch. - [Built B2B authentication into their platform in under 2 days](https://stytch.com/customer-stories/mintlify): Built B2B authentication into their platform in under 2 days. - [Stytch Talks with Brian Hale: rethinking user sign-up and login to unlock growth](https://stytch.com/blog/stytch-talks-with-brian-hale/): Check out a recap of our latest webinar, and learn how to optimize your sign-up and login flows to improve user conversion rates, CAC, and LTV. - [Session management best practices](https://stytch.com/blog/session-management-best-practices/): In this article, we explore how web developers can effectively create and manage user sessions on the client and server-side, as well as in typical monolithic and microservices environments, without compromising user experience and security. - [Derek St. Onge](https://stytch.com/blog/derek-st-onge/): We're celebrating the one year anniversary of the creation of our recruiting team with the hiring of Derek St. Onge! - [Danny Thomson](https://stytch.com/blog/danny-thomson/): Today we continue our celebration of our Stytch-iversaries with two of the engineers who helped round out our first Stytch team, Danny and Mary. - [What does compiler theory have to do with auth?](https://stytch.com/blog/what-does-compiler-theory-have-to-do-with-auth/): On a hunch, this engineer considered the following question: what if you transpiled your API definition into client code? - [What is OAuth 2.0?](https://stytch.com/blog/what-is-oauth-2-0/): An introduction to the OAuth 2.0 protocol, one of the most widely used and influential authorization protocols on the web today. - [Launching Drop-in UI support for Web3 Logins with Ethereum and Solana in the Stytch SDK](https://stytch.com/blog/drop-in-ui-support-for-web3-logins-in-the-stytch-sdk/): Launching Drop-in UI support for Web3 Logins with Ethereum and Solana in the Stytch SDK - [Terms of Service](https://stytch.com/legal/terms-of-service): Stytch Terms of Service - [Making auth your growth lever](https://stytch.com/blog/making-auth-your-growth-lever/): Making auth your growth lever - [Stytch’s guide to adding passwordless options for password-based auth flows](https://stytch.com/blog/adding-passwordless-to-passwords/): Learn how you can boost your app’s UX and security by adding passwordless auth options to your password-based flow. - [Why we hack: the culture of company hackathons at Stytch](https://stytch.com/blog/company-hackathons-at-stytch/): Learn how we do company hackathons at Stytch - [What is password salting?](https://stytch.com/blog/what-is-password-salting/): Learn what password salting is, why it is important, best practices and how Stytch solutions create enhanced security. - [Authenticating AI agents via CLI: How Crossmint uses Stytch Connected Apps](https://stytch.com/customer-stories/crossmint): Crossmint slashed setup time by 90% by building a secure, UI-less auth flow for developers and AI agents using Stytch Connected Apps. Learn how scoped tokens, CLI-native OAuth, and future-ready infrastructure enable seamless, autonomous project provisioning—without ever opening a dashboard. - [Bot mitigation software: A fraudster's foil in an automated world](https://stytch.com/blog/bot-mitigation-software/): This blog post addresses the growing challenge of bot attacks, covering various types, including DDoS and credential stuffing. It underscores the importance of bot mitigation software in protecting against these threats, which now constitute a significant portion of internet traffic. The article discusses effective strategies like device fingerprinting and behavioral analysis for detecting and blocking malicious bots. It concludes with a look at the future of bot management and introduces Stytch's Device Fingerprinting as an innovative solution for securing digital applications and businesses against automated attacks. - [What is browser fingerprinting?](https://stytch.com/blog/what-is-browser-fingerprinting/): Browser fingerprinting is a subset of device fingerprinting that pulls data from web browsers to create unique user identifiers. - [Building an app with Stytch and PlanetScale](https://stytch.com/blog/stytch-planetscale-integration/): Building an app with Stytch and PlanetScale - [The definitive guide to choosing a Customer and Identity Access Management (CIAM) solution](https://stytch.com/blog/guide-to-choosing-ciam/): When it comes to customer identity and access management (CIAM), there are a lot of decisions to make. Learn how to think about building or buying a CIAM solution that best fits your business needs. - [What are webhooks?](https://stytch.com/blog/what-are-webhooks/): In this article, we explore webhook architectures and their real-world use cases, potential security best practices, and demonstrate how you can use webhooks to build efficient, event-driven systems. - [Stytch named as top authentication provider by Cybernews](https://stytch.com/blog/stytch-named-top-authentication-provider-by-cybernews/): Stytch’s passwordless-first approach, easy implementation and flexible API and SDKs set it apart as a top authentication and identity management provider. - [Stytch Talks with Jaren Glover: Building high-powered engineering teams](https://stytch.com/blog/stytch-talks-with-jaren-glover/): Five key takeaways on hiring and nurturing top engineers from our interview with Jaren Glover. - [Why Switch to Stytch?](https://stytch.com/blog/why-switch-to-stytch/): Switch to Stytch for authentication, authorization, and fraud prevention. APIs, SDKs, UI components for both consumer and B2B use cases. - [Designing for dark mode](https://stytch.com/blog/designing-for-dark-mode/): How I designed the Stytch website with developer experience in mind. - [Improved conversion by 62% by switching from Auth0 to Stytch](https://stytch.com/customer-stories/lighthouse): Lighthouse sees a 62% improvement in its sign-up conversion rate by switching from Auth0 to Stytch. - [What is identity and access management (IAM)?](https://stytch.com/blog/identity-and-access-management/): Identity Access Management (IAM) allows organizations to assign identities to people and devices, authorize access to assets, and manage these relationships. - [Stytch Talks With Jordan Burris: “The Future of Multi-Factor Authentication (MFA)”](https://stytch.com/blog/stytch-talks-jordan-burris-mfa/): A recap of our live conversation with security expert Jordan Burris, focusing on the future of multi-factor authentication. - [SCIM](https://stytch.com/lp/scim): Automatically sync user and role changes across Okta, Azure AD, and all major corporate directory providers—no custom code required. - [Single Sign-On example](https://stytch.com/blog/single-sign-on-example/): Single sign-on (SSO) gives employees seamless access to multiple company applications with a single login. Given the ever-increasing number of applications we use on a daily basis, it has become a highly requested feature for many of those seeking enterprise software solutions. Besides improved user experience for their employees, organizations have many other compelling reasons for seeking out SaaS applications that support SSO. SSO also helps address poor password practice, offers improved security, centralizes access management for IT, and reduces overall support overhead. In this article, we’ll walk through the process of implementing SSO in your application. We’ll include handy visual diagrams of the key concepts, an introduction to the protocols, single sign-on example code snippets, and discussion about the common challenges you may face along the way. - [Competitor page - Fingerprint](https://stytch.com/stytch-vs-fingerprint): Compare Stytch's device fingerprinting solution vs. Fingerprint.js. Understand which device fingerprinting product is right for your use case. - [Careers](https://stytch.com/careers): Learn more about Stytch as a company, our team, leadership, mission, vision, values, and career opportunities. - [Announcing our $30 Million Series A to make passwords a thing of the past](https://stytch.com/blog/announcing-our-30-million-series-a/): We are thrilled to announce Stytch has raised $30 million in Series A funding led by Thrive. - [How to prevent enumeration attacks](https://stytch.com/blog/prevent-enumeration-attacks/): Learn the best methods for protecting your application against enumeration attacks – while maintaining a seamless user experience. - [Payment Fraud](https://stytch.com/lp/payment-fraud): Stytch Fraud and Risk Prevention detects and blocks threats from users, bots and AI agents—before an order is even placed. - [The complete guide to machine-to-machine (M2M) authentication and authorization](https://stytch.com/blog/the-complete-guide-to-m2m-auth/): Learn all about machine-to-machine authentication and authorization – what it is, how it works, M2M implementation best practices, and where it might fit within your zero-trust security architecture. - [Understanding JWKS: JSON Web Key Set Explained](https://stytch.com/blog/understanding-jwks/): In this article, we explore the role of JWKSs in signing and managing JWTs for secure sessions and API communication. - [Passkey authentication: The cure for password dependency?](https://stytch.com/blog/passkey-authentication-the-cure-for-password-dependency/): Discover the potential of passkey authentication in replacing passwords with our in-depth exploration of this emerging technology. Learn how passkeys, leveraging WebAuthn credentials and cloud syncing, offer enhanced security and user convenience across devices. Understand the challenges and opportunities in adopting this passwordless future, including industry standardization, user education, and practical implementation tips. - [What is whaling phishing and how to prevent whaling attacks](https://stytch.com/blog/whaling-phishing-attacks/): An intro to whaling phishing attacks – who they target, what's at risk, and how to prevent them. - [Passkey vs. password: a new era of secure authentication](https://stytch.com/blog/passkey-vs-password/): Passkey vs. password: a new era of secure authentication - [How to block AI web crawlers: challenges and solutions](https://stytch.com/blog/how-to-block-ai-web-crawlers/): AI crawlers are scouring the web for training data—often without permission. Learn who’s behind the scrapers, how they behave, and the most effective technical and legal strategies for blocking them without hurting real users. - [Stytch Admin Portal: Self-serve management for organizations and enterprise auth](https://stytch.com/blog/stytch-admin-portal/): The Admin Portal is an embeddable and fully customizable suite of UI components within our frontend SDKs, providing out-of-the-box support for everything your customers would need to self-serve manage their account—from configuring a mandatory MFA policy, to setting up their SSO Connection, to automating role assignments for their SCIM Groups. Stytch’s Admin Portal components are powered by the Stytch API and protected via our RBAC product, allowing you to securely offer the full breadth of Stytch’s B2B product suite to your customers. - [The age of agent experience](https://stytch.com/blog/the-age-of-agent-experience/): AI agents are here—from ChatGPT Operator to coding tools like Devin and Lovable, there’s a rapid growth of products that can interact with websites on our behalf. It’s time to start building for a new persona: the autonomous agent. Instead of just designing experiences for human users, we need to think carefully about how machines will access data and perform actions securely, with transparency and user consent. - [Onboarding the next Web3 wave with Crossmint + Stytch](https://stytch.com/blog/onboarding-the-next-web3-wave-with-crossmint-stytch/): Onboarding the next Web3 wave with Crossmint + Stytch - [Managing your users at Stytch](https://stytch.com/blog/managing-your-users-at-stytch/): Managing your users at Stytch - [An engineer's guide to mobile biometrics: step-by-step](https://stytch.com/blog/biometrics-step-by-step/): An engineer's deep dive into mobile biometrics: how they work, how to implement them, and key decisions and pitfalls along the way. - [Stytch vs. Amazon Cognito](https://stytch.com/blog/stytch-vs-amazon-cognito/): But unlike Stytch, Amazon Cognito is limited in its flexibility, reliability and customization — critical factors when it comes to user experience and conversion rates — not to mention its pricing models and tech support. - [Making research an integral part of your product strategy](https://stytch.com/blog/leading-with-user-centered-design-at-stytch/): Making research an integral part of your product strategy - [Preventing contact spam form submissions](https://stytch.com/blog/prevent-contact-form-spam/): Understand the options available to prevent spam form submissions, by using tools such as Device Fingerprinting to detect and stop bots. - [Log in with username](https://stytch.com/blog/log-in-with-username/): Log in with username - [It's a (double) Stytchiversary! Meet Aiden Forrest & Ovadia Harary](https://stytch.com/blog/meet-aiden-forrest-ovadia-harary/): Get the inside scoop on what it's like to work at Stytch. - [SEM LP: Cognito](https://stytch.com/lp/cognito): Build auth that feels native to your app and proactively removes fraud and abuse. - [Introducing Log in with Solana](https://stytch.com/blog/introducing-log-in-with-solana/): Today, we’re excited to announce our second Web3 product: Log in with Solana, allowing seamless, secure authentication across any Solana crypto wallet (Phantom, Glow Wallet, etc.). - [The top 10 password cracking techniques – and how to outmaneuver them](https://stytch.com/blog/top-10-password-cracking-techniques/): Learn about today’s most-used password cracking techniques, and the technologies that can help protect you - [Stytch postmortem 2023-02-23](https://stytch.com/blog/stytch-postmortem-2023-02-23/): Stytch postmortem 2023-02-23 - [JWT claims](https://stytch.com/blog/jwt-claims/): Learn about the types of user data contained in JWT claims. Registered claims and custom claims (both private and public), explained! - [Build a no-code signup & onboarding flow with Feathery + Stytch](https://stytch.com/blog/feathery-stytch/): Learn how to build a seamless signup flow using Feathery's visual editor and Stytch's intuitive auth platform, in just four simple steps. - [It’s a Stytchiversary! Meet Allison Chuang!](https://stytch.com/blog/meet-allison-chuang/): It’s a Stytchiversary! Meet Allison Chuang! - [It's a Stytchiversary! Meet Spyri Karasavva!](https://stytch.com/blog/its-a-stytchiversary-meet-spyri-karasavva/): It's a Stytchiversary! Meet Spyri Karasavva! - [Evaluating Auth0 alternatives for authentication and authorization](https://stytch.com/blog/auth0-alternatives/): Evaluating Auth0 alternatives for authentication and authorization - [How GenomOncology uses Stytch to secure open biomedical APIs for LLMs](https://stytch.com/customer-stories/genomoncology): Learn how GenomOncology secured their serverless BioMCP stack with Stytch - [Protect against password spraying](https://stytch.com/blog/protect-against-password-spraying/): Password spraying is one of the most effective, threatening approaches. While sometimes confused with credential stuffing, password spraying represents a different attack vector targeted at passwords’ weaknesses. - [Stopping fraudsters at signup](https://stytch.com/customer-stories/replit): Learn how Replit stopped fake account creation thanks to fraud prevention from Stytch. - [Open-sourcing SQX, a way to build flexible database models in Go](https://stytch.com/blog/open-sourcing-sqx-a-way-to-build-flexible-database-models-in-go/): Open-sourcing SQX, a way to build flexible database models in Go - [Secure agent access in Remote MCP with Stytch and Cloudflare](https://stytch.com/blog/remote-mcp-stytch-cloudflare/): Stytch has partnered with Cloudflare to help make every application agent-accessible with today’s launch of Remote MCP Authorization in Stytch Connected Apps. - [Webhooks vs APIs](https://stytch.com/blog/webhooks-vs-apis/): In this article, you’ll learn the differences between APIs and webhooks, their respective use cases, implementation patterns, and best practices for leveraging both communication architectures. - [Save time, save the planet–go passwordless!](https://stytch.com/blog/save-time-save-the-planet/): In honor of Earth Day, Stytch conducted a thought experiment to determine how much time (and energy!) you can save by eliminating passwords. - [Canvas fingerprinting: Explained and illustrated](https://stytch.com/blog/canvas-fingerprinting/): Researchers have studied the canvas element and its usefulness in identification as early as 2014. One of the key security applications of the canvas element today is canvas fingerprinting. - [Stytch Connected Apps: Make any app an OAuth provider for integrations and AI agents](https://stytch.com/blog/stytch-connected-apps/): Today we’re introducing Connected Apps—a powerful new feature that makes it easy for your application to integrate with AI agents, third-party apps, and multi-app ecosystems. With Connected Apps, your application can become an OAuth 2.0 identity provider and delegate access and permissions to build seamless integrations with other first-party and third-party applications. - [Spotting the spoof: User agent spoofing unmasked](https://stytch.com/blog/user-agent-spoofing/): This article will focus on user agent spoofing and how it can be a particular threat to individuals and businesses in the hands of fraudsters. We’ll dive into what user agents are, how spoofing works, the common ways in which this type of fraud is carried out, and how to prevent user agent spoofing using the latest fraud and authentication technology. - [Stytch events with Orb: securing and pricing AI products](https://stytch.com/blog/stytch-orb-securing-and-pricing-ai-products/): Stytch got together with Orb to discuss the future of AI – how to build great products in this space, and how to protect them from fraud. - [The age of agent experience: now with MCP servers](https://stytch.com/blog/the-age-of-agent-experience-now-with-mcp-servers/): MCP servers plus OAuth 2.0 give AI agents scoped, revocable access to any app—ending brittle key sharing and unlocking secure, seamless Agent Experience for users and developers alike. - [Competitor page - Auth0](https://stytch.com/stytch-vs-auth0): Build auth that feels native to your app and proactively removes fraud and abuse. - [Migrating millions of users and orgs from Auth0 to Stytch B2B](https://stytch.com/customer-stories/tome): Learn how Tome migrated millions of users and thousands of organizations from Auth0 to Stytch's B2B authentication platform with no customer impact. - [A guide to passwordless authentication solutions by business vertical](https://stytch.com/blog/guide-to-passwordless-authentication-solutions-by-vertical/): You’ve just decided to go passwordless (an excellent choice), and now it’s time to figure out which passwordless authentication solution is right for your business. - [Solving Auth at Scale: Descript's Migration from Auth0 to Stytch](https://stytch.com/customer-stories/descript): See why Descript migrated from Auth0 to Stytch — unlocking enterprise-ready auth, seamless account linking, and an 8% boost in conversions🚀 - [Alex Zaldastani](https://stytch.com/blog/alex-zaldastani/): We’re so excited to celebrate another Stytch-iversary with our very own, chess-loving, Switch playing, book-club leading engineer, Alex Zaldastani! - [How to create a closed source Objective-C++ framework for Swift Package Manager](https://stytch.com/blog/creating-a-closed-source-framework-for-spm/): By default the SPM publishes your code open source, but there may be reasons why you would want to distribute your code in a closed source manner as well. In this article, we’ll explain and show you how. - [The ultimate guide to building user authentication into your Next.js application](https://stytch.com/blog/the-ultimate-guide-to-building-user-authentication-into-your-next-js-application/): Next.js is a popular React framework and we’re in the process of migrating our main stytch.com website to Next.js because of the developer experience and performance wins. - [Stytch vs Auth0: Bot detection](https://stytch.com/blog/stytch-vs-auth0-bot-detection/): This is where Stytch device fingerprinting not only outperforms bot detection but also surpasses other less persistent tech, like browser fingerprinting. - [Introducing Strong CAPTCHA, Stytch’s answer to CAPTCHA fraud](https://stytch.com/blog/strong-captcha-announcement/): Introducing Strong CAPTCHA, Stytch’s answer to CAPTCHA fraud - [RBAC vs PBAC vs ABAC](https://stytch.com/blog/rbac-vs-pbac-vs-abac/): Compare RBAC, PBAC, and ABAC in our blog post: key differences, strengths, use-cases, and decide which is best for your security needs. - [Integrated Stytch’s Email Magic Links and saw a 35% increase in users](https://stytch.com/customer-stories/standard-metrics): Standard Metrics (formerly Quaestor) expands and improves its user authentication capabilities and user count with Stytch. - [How to secure MCP: threats and defenses](https://stytch.com/blog/mcp-security/): Learn how to secure the Model Context Protocol (MCP) for AI agents. Discover common vulnerabilities like tool poisoning and line jumping attacks, plus proven defense strategies and security tools to protect your MCP implementations. - [Auth & identity](https://stytch.com/blog/category/auth-identity/): Read the latest from the Stytch team - [Company](https://stytch.com/blog/category/company/): Read the latest from the Stytch team - [Engineering](https://stytch.com/blog/category/engineering/): Read the latest from the Stytch team - [Product](https://stytch.com/blog/category/product/): Read the latest from the Stytch team - [Bot mitigation for identity and access management](https://stytch.com/blog/bot-mitigation-for-iam/): An overview of malicious bot traffic, and which bot mitigation solutions (i.e. device fingerprinting, CAPTCHA) are right for your product - [How to Enforce Multi-Factor Authentication with Node.js and Stytch](https://stytch.com/blog/how-to-enforce-multi-factor-authentication-with-node-js/): In this article, you’ll learn how to set up MFA in your own Node.js-based app using Stytch, a popular identity platform for developers. - [Our approach to developer-focused conferences](https://stytch.com/blog/developer-conferences/): We've been making the rounds on developer conferences, and have a few learnings on how to make the most out of them – and have the most fun. - [Streamlines sign-ups to <90-seconds with Stytch's SMS Passcodes](https://stytch.com/customer-stories/unbanx): Learn how Unbanx met their 90-second onboarding challenge with Stytch’s SMS One-Time Passcodes - [Stytch's guide to passwordless authentication](https://stytch.com/blog/stytch-guide-to-passwordless-authentication/): Thanks to new tools and technologies, passwords are finally being replaced with more secure and convenient passwordless authentication flows like email magic links, SMS passcodes, OAuth logins, push notifications, and biometrics. - [All about biometric authentication](https://stytch.com/blog/all-about-biometrics/): A deep-dive on biometric authentication – its history, current types, how they work, and the pros and cons of using them in your product. - [How to use references in your hiring process](https://stytch.com/blog/how-to-use-references-in-your-hiring-process/): Don't overlook using references in your hiring process. Read about how you can make the most of using references when building out your team. - [The best authentication services in 2025](https://stytch.com/blog/best-authentication-services/): The best platforms today go beyond simple authentication methods — they need to offer multi-factor authentication as well as enterprise-ready features like Single Sign-On (SSO), System for Cross-domain Identity Management (SCIM), OAuth-based third-party app integrations and even fraud prevention technology like bot detection. This article will cover the key features and qualities to look for in a modern authentication service. - [Improving conversion with Google One Tap](https://stytch.com/blog/improving-conversion-with-google-one-tap/): Today, we’re excited to launch support for Google One Tap, a passwordless technology that can significantly improve sign-up and login conversion for applications. - [Forget the password reset flow as you know it](https://stytch.com/blog/forget-the-password-reset-flow-as-you-know-it/): For those still using password-based authentication, implementing a password reset flow can be a frustrating step. - [How do voice recognition biometrics work?](https://stytch.com/blog/what-is-voice-biometric-authentication/): Learn how voice recognition technologies enable fast, frictionless logins that protect and delight your users. - [What is role-based access control (RBAC)?](https://stytch.com/blog/what-is-rbac/): Discover RBAC: Learn how role-based permissions bolster security and streamline access management in organizations of all sizes. - [What is a JSON web token?](https://stytch.com/blog/what-is-a-json-web-token/): Learn about JSON web tokens: what they are, how they're used, and the pros and cons of using them to manage authentication. - [4 Ways to use Stytch's Embeddable Magic Links](https://stytch.com/blog/4-ways-to-use-stytchs-embeddable-magic-links/): An Embedded Magic Link contains a piece of information attached to the link that can execute an additional action. - [Detecting AI agent use & abuse](https://stytch.com/blog/detecting-ai-agent-use-abuse/): The key question is: Can you detect AI agent traffic on your application today? We tested multiple AI agent toolkits across high-traffic consumer sites, and the results were clear—legacy detection techniques (CAPTCHAs, IP blocking, user-agent filtering) are largely ineffective. Here’s what we found. - [Out-of-the-box: User linking and provider failover with Stytch](https://stytch.com/blog/user-linking-and-provider-failover-with-stytch/): Learn how Stytch supports secure linking of user accounts and offers built-in providers for SMS- and email-sending for authentication. - [Agent Ready](https://stytch.com/ai-agent-ready): Complete authentication, authorization and security for AI Agents & LLMs—to prepare your app for what’s next. - [Bears, mice, and moles aren’t enough: a better approach for preventing fraud](https://stytch.com/blog/bears-mice-and-moles-aren-t-enough-a-better-approach-for-preventing-fraud/): Traditional fraud defenses struggle to keep up with modern threats like residential botnets and AI-powered automation. This article introduces Stytch’s practical framework for evaluating and improving fraud prevention, with a focus on better signal gathering, smarter decisioning, and resilient enforcement. - [Painting the town Stytch: the making of an OOH campaign](https://stytch.com/blog/the-making-of-an-ooh-campaign/): We decided to take our passwordless revolution to the streets and billboards of San Francisco. - [Mary Gruen](https://stytch.com/blog/mary-gruen/): Today we continue our celebration of Stytch-iversaries with two of the engineers who helped round out our first Stytch team, Danny and Mary. - [Bot Detection 101: How to Detect (and Beat) Bot Traffic](https://stytch.com/blog/bot-detection-how-to-detect-bot-traffic/): This article explains the top methods you can use to identify and block bots from your websites, apps, APIs, and other online services, ensuring the security and integrity of your applications and their associated data. - [Stytch introduces a modern upgrade to Passwords](https://stytch.com/blog/introducing-passwords/): Today, we’re introducing a password-based authentication solution, rebooted for the modern era. - [Spotlight on Dennis Huang](https://stytch.com/blog/spotlight-dennis-huang/): Spotlight on Dennis Huang - [What is CAPTCHA, and how does it work?](https://stytch.com/blog/what-is-captcha/): Learn how CAPTCHAs differentiate between real web users and bots — and how you can optimize them to protect your app. - [Eliminate bot attacks from the CAPTCHA equation](https://stytch.com/blog/protect-against-captcha-fraud/): Understand how CAPTCHA fraud works and how you can protect against it with Stytch’s stronger CAPTCHA solutions. - [Securing identity APIs against server-side request forgery (SSRF) at Stytch](https://stytch.com/blog/securing-identity-apis-against-ssrf/): Learn how Stytch protects identity infrastructure from SSRF attacks with multi-layered defenses—from hardened HTTP clients to strict network policies. A must-read guide to securing your authentication APIs. - [Organization tenancy: the foundation of SSO and B2B data models](https://stytch.com/blog/organization-tenancy/): In lesson two of B2B Auth School we dive deep into organization tenancy: the foundation of single sign-on and B2B SaaS data models. - [Announcing new pricing and self-serve options](https://stytch.com/blog/announcing-new-pricing-and-self-serve-options/): Stytch announces our new pricing model, designed with more tiers and support for our growing diverse base of customers. - [Using Connected Apps to build the Stytch CLI and improve the Stytch integration experience](https://stytch.com/blog/stytch-cli-connected-apps/): Put Stytch API commands right in your terminal with an easy to use interface, helping you ship and manage auth projects faster. Built with Connected Apps for simple authentication. - [Multi-factor authentication: how to choose the right approach for your business](https://stytch.com/blog/which-mfa-is-right-for-your-business/): Understand what multi-factor authentication is, how it enhances the security of your users’ accounts and which MFA is right for your business. - [Traded in a costly in-house authentication for Stytch’s out-of-the-box solutions](https://stytch.com/customer-stories/bitcoin): In this client story, you'll see how Bitcoin.com chose Stytch for scalable, cross-platform authentication. Read more here! - [Introducing TOTP Authentication for Next-Level Security](https://stytch.com/blog/introducing-totp-authentication/): Today, we’re excited to introduce TOTP (time-based one-time passcodes), an important passwordless two-factor authentication option that can be used in situations where you need high security assurance. - [Startup program](https://stytch.com/credits): Info on the deals and credits that Stytch offers for qualified startups hoping to get started with B2B or B2C authentication - [About](https://stytch.com/about): Learn more about Stytch as a company, our team, leadership, mission, vision, values, and career opportunities. - [Turns robust crypto security into seamless onboarding with Stytch's OTPs](https://stytch.com/customer-stories/ottr-finance): Ottr Finance turns robust crypto security into seamless onboarding with Stytch's OTPs. - [Account Abuse Prevention](https://stytch.com/blog/account-abuse-prevention-in-2024/): Multi-account abuse is a form of account abuse where attackers create multiple new accounts for free to exploit resources that are available to logged in users. - [What is a bot and how do they work](https://stytch.com/blog/what-is-a-bot/): What is a bot and how do they work - [How the API economy can radically transform your business](https://stytch.com/blog/the-api-economy-can-transform-your-business/): learn about the API economy and how API companies can benefit your business. - [Top techniques for effective API rate limiting](https://stytch.com/blog/api-rate-limiting/): Learn top techniques for effective API rate limiting to enhance performance and security. Explore strategies like token bucket, sliding window, and Stytch Device Fingerprinting. - [Optimizing DBs at scale: how we reduced writes by 1000x for one of our most accessed tables](https://stytch.com/blog/optimizing-dbs-at-scale/): Today we’ll talk about how we reduced writes by 1000x for one of our most accessed tables, saving us valuable DB CPU and freeing up dozens of connections to do more impactful work. - [Multi-factor authentication solutions: Choosing the best MFA provider for your use case](https://stytch.com/blog/mfa-solutions-and-providers/): Multi-factor authentication solutions protect your public and private applications from abuse by adding an extra layer of security to protect against account hijacking. This guide explains the factors you should consider when choosing a multi-factor authentication provider, explaining the features you may need for your use case or specific project requirements, as well as future-proofing your authentication systems. - [Password reuse is a cybersecurity threat](https://stytch.com/blog/password-reuse-is-a-cybersecurity-threat/): Good password hygiene has always been the top security measure to avoid data breaches. However, with so many websites, e-stores, and social media sites each requiring strong but unique passwords, it becomes hard to remember them. - [Stytch multi-tenant example apps](https://stytch.com/blog/stytch-multi-tenant-example-apps/): Use Stytch's multi-tenant example apps to see how to add flexible B2B auth and RBAC to a site built with Node, React, Express, and Astro. - [The FIDO alliance and a passwordless future](https://stytch.com/blog/fido-passwordless-authentication/): An overview of the FIDO alliance, their important work in building a passwordless future, and why Stytch became a member. - [Upleveling our SQL models to manage DBT query speeds](https://stytch.com/blog/upleveling-sql-for-dbt-query-speeds/): How our team improved our SQL models to improve DBT query speeds - [Understanding SLAs, SLOs, SLIs and Error Budgets](https://stytch.com/blog/understanding-slas-error-budgets/): Learn how we instrumented SLA and SLO tracking and spun up a lightweight public tool, error-budget.dev, to help you better understand error budgets. - [Stytch Event Log Streaming: Send auth & risk insights to your observability tools](https://stytch.com/blog/stytch-log-streaming/): Today, we're incredibly excited to announce Event Log Streaming which allows you to ingest Stytch authentication, authorization, and security events in your log management tooling, starting with Datadog but available for other vendors upon request. This is particularly helpful if you are already using tools or vendors for analysis, investigation, and retention of observability data. Previously Stytch logs were only available through the Stytch dashboard, but with Event Log Streaming, you can stream your Stytch event logs into other services. This allows you to easily correlate Stytch logs with other existing telemetry, and more easily monitor for anomalies. - [Adaptive MFA: A smarter approach to authentication security](https://stytch.com/blog/adaptive-mfa/): Adaptive Multi-Factor Authentication (MFA) is an advanced security method that uses contextual information and business rules to determine which authentication factors to apply to a user in a given situation. This article explains what adaptive MFA is, how adaptive authentication works, why it’s vital for strong identity security, and what comprises a best-in-class adaptive MFA solution in the rapidly evolving AI-powered era. - [How to manage Auth0’s rules and hooks deprecation: a shift towards actions](https://stytch.com/blog/auth0-rules-and-hooks-deprecation-disadvantages/): A look at how Auth0's recent decision to deprecate rules and hooks could hurt developers and end users – and what you can do about it. - [What is credential stuffing? How to prevent credential stuffing attacks](https://stytch.com/blog/what-is-credential-stuffing/): As more aspects of daily life go digital, we are increasingly grappling with threats to our cybersecurity and personal information. - [Unplugged Cognito and plugged in Stytch in just 2 days](https://stytch.com/customer-stories/pronti): Smart wardrobe app Pronti keeps costs low and offers flexible login options with Stytch’s One-Time Passcodes. - [Introducing JWTs for session management](https://stytch.com/blog/introducing-jwts-for-session-management/): We’re excited to launch support for JSON web tokens (JWTs) as part of our session management product! Now, developers can choose between JWTs, session tokens, or a hybrid approach. - [SAML vs OAuth: Key Differences Explained](https://stytch.com/blog/saml-vs-oauth/): The choice between SAML and OAuth isn’t a “this” or “that” conversation. While SAML and OAuth may appear to be alternatives or interchangeable at face value, they serve distinct use cases. - [Introducing major updates to Stytch B2B authentication](https://stytch.com/blog/major-updates-to-stytch-b2b-authentication/): Introducing major updates to Stytch B2B authentication, including RBAC, SCIM, pre-built UIs for MFA, Google One-Tap, and more. - [Building the future of authentication](https://stytch.com/blog/building-the-future-of-authentication/): At Stytch, we’re on a mission to eliminate friction on the internet while improving security. - [Announcing Stytch’s new Self-serve pricing: No feature gating, no hard caps, no surprises](https://stytch.com/blog/stytch-self-serve-pricing/): Today, we are thrilled to announce new self-serve pricing. Stytch is moving away from complicated tiers and feature gating to a simpler model: access all of our features and only pay for what you use. - [CAPTCHA vs. reCAPTCHA: What’s the difference?](https://stytch.com/blog/captcha-vs-recaptcha-whats-the-difference/): This article delves into the nuances of CAPTCHA and reCAPTCHA, explaining their shared functionality as well as their distinctions, shortcomings and evolution to combat sophisticated threats in the AI era. - [What is a passkey?](https://stytch.com/blog/what-is-a-passkey/): Stytch goes over the basics of the passkey – what it is, how it works, and how it improves on past auth methods like passwords and WebAuthn. - [Contact](https://stytch.com/contact): Contact Stytch - [Combating AI Threats: Stytch's Device Fingerprinting](https://stytch.com/blog/combating-ai-threats-stytchs-device-fingerprinting/): Combating AI Threats: Stytch's Device Fingerprinting - [What is MFA (Multi-Factor Authentication) and how does it work?](https://stytch.com/blog/what-is-mfa/): In this article, we'll cover what multi-factor authentication is, how it works, and some of the most common ways it's used today to protect online accounts.