Like of @rchrdbyd's tweet · Jamie Tanna

Post details

In today's lesson titled "don't roll your own auth". I just realized the "protected" part of my personal web app was just validating that the Yubikey OTP was a valid OTP not that it was a valid OTP for MY Yubikey.
Richard H. Boyd (@rchrdbyd)Sat, 26 Mar 2022 16:30 GMT

Sat, 26 Mar 2022 17:31 by Jamie Tanna . #authentication.

Also on:

This post was filed under likes.

Interactions with this post

Below you can find the interactions that this page has had using WebMention.

Have you written a response to this post? Let me know the URL:

Do you not have a website set up with WebMention capabilities? You can use Comment Parade.