Lance Ivy
Lookalike username attacks can be used for social engineering situations like phishing.
Throttling for every endpoint that leaks information about users in the system or can be used to incur costs to the business (e.g. SMS). A well-designed throttling plan should leave...
Support for SMS-based MFA using provided Twilio credentials. Includes support for formatting and verifying a number. Different from https://github.com/keratin/authn/issues/10 because it actually implements the delivery process and removes the need for app...
Generate and deliver an MFA code suitable to be delivered by application emails or SMS and typed by hand.
When choosing to increase the BCrypt work factor, a person should be able to walk the database and increase the work factor of all stored hashes without waiting for a...
Password-less login links can be delivered by trusted channels such as emails or native app push notifications. The page where a user initiated the process can poll for updates and...
Advanced password policies for required rotation intervals, history-driven reuse requirements, or other rules that may be important to an organization.
An additional MFA option to require that accounts pass additional MFA challenges when heuristics determine that the access is "unusual".
Enable SSO across multiple applications and domains, and ensure that signing out from one location will also sign out all other locations.
Throttles are not enough to fight a distributed attack on the signup process. This feature adds support for advanced countermeasures that make scripted signups costly and difficult, without resorting to...