All about auth

JWTs vs. sessions: which authentication approach is right for you?

Your application just received a login request, and the credentials passed successfully prove the identity of a user in your system. Wonderful, you have a high degree of confidence in who this user is and what they should be able to access! …but wait, what happens on the next API call where they don’t include …

JWTs vs. sessions: which authentication approach is right for you? Read More »

Web3 and the future of data portability: rethinking user experiences and incentives on the internet

Web3’s fundamental improvements to data portability and user authentication enable new, exciting experiences, but solvable shortcomings remain. Tech conversations are now peppered with a new, contentious buzzword: Web3, and we’re all likely to hear a lot more of it in the coming years. It’s an umbrella term for disparate ideas all pointing in the direction of …

Web3 and the future of data portability: rethinking user experiences and incentives on the internet Read More »

What is WebAuthn?

We’ve said it before and we’ll say it again, WebAuthn is one of the most exciting passwordless technologies available for both engineers and for users. In our latest post, we go a level deeper on WebAuthn to share what it is, why it’s so exciting, and what are considerations for implementing it.   WebAuthn, MFA, and …

What is WebAuthn? Read More »

Password reuse is a cybersecurity threat

A CyberNews interview with Stytch co-founder Reed McGinley-Stempel Good password hygiene has always been the top security measure to avoid data breaches. However, with so many websites, e-stores, and social media sites each requiring strong but unique passwords, it becomes hard to remember them. Having to continuously make up long and difficult-to-guess passwords results in …

Password reuse is a cybersecurity threat Read More »

All about biometrics

From fingerprints to faceprints, asking users to present biometric credentials is fast becoming a familiar authentication protocol. In this article, we’ll cover the basics of biometric authentication: what it is, how it works, and what to consider when implementing it. What is biometric authentication? Biometric authentication is a secure, low-friction way to confirm a user’s …

All about biometrics Read More »

Build vs. buy: what to consider when setting up an auth flow

Deciding whether to build new software and features in-house or buy an API or SDK solution from a third-party vendor is a question engineers face on a regular basis. When it comes to your authentication flow, that choice can have major implications for security—not to mention your user and developer experience and the resources you’ll …

Build vs. buy: what to consider when setting up an auth flow Read More »

How Does Single Sign-On Work?

In today’s digital-first world, good cybersecurity is more important than ever. With cyber attacks becoming more complex, creating secure apps and services is a crucial step in preventing them. For many reasons, the old standard of a password and username simply doesn’t cut it anymore. But requiring users to create complex password and username combinations for …

How Does Single Sign-On Work? Read More »

Refresh tokens: a refresher

When it comes to authorization, developers must carefully-balance security with user experience. On the one hand, if protocols are too stringent, a user can become frustrated. On the other, if authorization is too lax, a security breach is all but inevitable. Fortunately, there’s a solution that fulfills both needs—refresh tokens. In this post, we’ll explain …

Refresh tokens: a refresher Read More »

What is an API? What is an SDK? (And What’s the Difference?)

APIs and SDKs make it easier for developers to integrate different features and functionalities into their applications. Instead of development teams having to build all of their solutions in-house, APIs and SDKs enable them to connect to other apps and platforms and leverage existing services and technologies, providing them with the tools and resources they …

What is an API? What is an SDK? (And What’s the Difference?) Read More »