Archive of posts from March 2019

FusionAuth 1.5 Adds Passwordless Login

Logging in without a password? In what fantasy land can that be secure?!? The fact is it can be much more secure than traditional passwords, and is now supported in our newest release. FusionAuth 1.5 is now available for direct download, FastPath one-line install, Homebrew or Docker. It includes new features, a few changes, and minor fixes for issues discovered by QA testers and our growing community of users. Get the brief overview below, and visit our release notes for the full details.

READ MORE

Using Webhooks In FusionAuth To Delete User Data

If your inbox looks anything like mine, you’ve seen hundreds of messages from companies updating their privacy policies and terms of service. This is mainly due to the European Union’s General Data Protection Regulation or GDPR, which went into effect on May 25, 2018. The GDPR grants a set of “digital rights” to EU citizens, including a “right to erasure.” Basically, this means a user can request that their data be deleted, and there can be substantial fines if a company is not able to honor these requests.

READ MORE

Is FusionAuth GDPR Compliant?

It’s been about a year since the General Data Protection Regulation (GDPR) became fully enforceable. Are you compliant yet? We started making FusionAuth GDPR compliant as soon as the regulation was adopted, although to be honest, there wasn’t a lot we needed to do. We fully agree with these regulations and feel they provide effective guidelines that any application should follow with their users’ personal data. If you are trying to catch up with the GDPR news, read our Developer’s Guide to the GDPR here and you’ll have a good idea of what you should be aware of. Our developers have been working with these concepts for years now, so it was exciting to see our caution around user data validated.

READ MORE

Like your avatar? You can keep it.

Did you know that you can now bring your avatar with you when you log into FusionAuth? Gravatar provides users with a globally recognized avatar. If you already have a Gravatar account then you don’t need to do anything else, we’ve taken care of everything. For those without a Gravatar account you’ll still see a randomly generated Gravatar. Everyone wins.

READ MORE

Stop Storing My Plaintext Password

Believe it or not there are still companies emailing users with plaintext passwords. Worse yet, some systems are storing plaintext passwords in the database. Storing or emailing plaintext passwords can increase security vulnerabilities by as much as 10x. Just freaking stop!

READ MORE

Keycloak and FusionAuth Comparison

Keycloak and FusionAuth are CIAM platforms designed to register, login and manage users in modern applications. They eliminate the risk, costly development and maintenance time required to build an in-house solution. Keycloak and FusionAuth share many features, but also have important differences. Use this information to compare the two and determine which matches your needs.

READ MORE

6 Ways The FusionAuth API Is GDPR Ready

The GDPR is a complex regulation, but at its most basic level it requires organizations to provide “data protection by design and default.” FusionAuth is built with a powerful REST API that gives developers the tools they need to adhere to the requirements of the GDPR quickly and easily. On May 23, 2018 FusionAuth’s CEO Brian Pontarelli presented to Colorado’s technology leaders about how the GDPR and data privacy will affect US companies, and went into detail about how the FusionAuth API is well-suited to help companies stay GDPR compliant and avoid risks of fines and data restrictions for data protection violations.

READ MORE