Zenbleed

- Tavis Ormandy tl;dr: “If you remove the first word from the string "hello world", what should the result be? This is the story of how we discovered that the answer could be your root password!”

featured in #434


Why Even Let Users Set Their Own Passwords?

- Hugo Landau tl;dr: Hugo argues for a rethink of the way we handle passwords, pointing out the contradictions and shortcomings of current practices. They suggest that issuing high-entropy, randomly generated passwords to users, similar to API keys or TOTP, may be more secure than the current standard of user-created passwords.

featured in #433


How Passwordless Works

- Alan Parra tl;dr: This post explains how passwordless authentication can be implemented using modern technologies such as WebAuthn, while providing both a better user experience and stronger security than the traditional password-based approach.

featured in #423


Break Glass, Not Rules: Ensuring Compliance in Emergency Code Changes

- Dave Gaeddert tl;dr: In "break glass" scenarios, code review often gets skipped. But many compliance frameworks like SOC2 require that all changes get reviewed. PullApprove tracks these unreviewed pull requests as "bypassed" and facilitates a post-merge review process.

featured in #419


Testing A New Encrypted Messaging App's Extraordinary Claims

tl;dr: The author used reverse engineering and decompilation tactics to view the inner workings of an encryption app that was making “wild” claims, comparing its novel encryption protocol against established encrypted messaging apps.

featured in #414


How Passwordless Works

- Alan Parra tl;dr: This post explains how passwordless authentication can be implemented using modern technologies such as WebAuthn, while providing both a better user experience and stronger security than the traditional password-based approach.

featured in #409


Cloud-Native Privileged Access Management

tl;dr: DevOps practices have revolutionized how apps and infrastructure are managed, but access hasn't kept up. Shared secrets like passwords and keys – the #1 source of data breaches – are the norm. Teleport replaces shared secrets like passwords, keys, tokens, and even browser cookies with true identity, removing risk while letting engineers go fast.

featured in #400


Database Cryptography Fur The Rest Of Us

tl;dr: The author defines database cryptography, explains how it manifests for both relational and NoSQL databases, covers searchable encryption, and provides a case study of MongoDB’s Client-Side encryption.

featured in #394


Password Strength Explained

- Wladimir Palant tl;dr: From security expert Wladimir Palant: "There is lots of confusion about what constitutes a strong password however. How strong is my current password? Also, how strong is strong enough? These questions don’t have easy answers. I’ll try my best to explain however."

featured in #388


What's Identity-Native Infrastructure Access?

tl;dr: Unlock all Teleport Connect sessions to learn about infrastructure access from DoorDash, Dropbox, Discord, Vonage, and others when you RSVP for the Feb 9th event.

featured in #386