
Intelligent MFA Should Challenge Risk, Not Loyal Customers
There's an old line in security: the most secure system is the one that's switched off. It's also completely useless. Every authentication decision you make...
July 9, 2026
Tags

There's an old line in security: the most secure system is the one that's switched off. It's also completely useless. Every authentication decision you make...
July 9, 2026

Of all possible browser-based OAuth architectures, the Browser-Based OAuth Client (BBOC) pattern is the least secure. Despite this, BBOC remains the most...
June 3, 2026

This post discusses the Token-Mediating Backend (TMB) authentication architecture for OAuth 2 applications. It covers how secure TMB is, when to use it, and...
May 7, 2026

On September 8, 2025, developer Josh Junon received what looked like a legitimate npm two-factor authentication (2FA) reset email. Within hours, malicious code...
April 22, 2026

In our previous post, Announcing FusionAuth 1.59.0 - The Identity Ibex, we explored the shift towards separate Email and Phone Identities. This was a...
March 6, 2026

This article discusses the dangers of storing OAuth tokens in the browser or on a client-side device – a common pattern in serverless architectures like...
June 30, 2025

If you're outsourcing your authentication, you'll find that most vendors only allow you to test with mocks. Is that really good enough? Shouldn't you be able...
June 3, 2025
Showing 1to 7of 24results
Get updates on techniques, technical guides, and the latest product innovations coming from FusionAuth.