GitHub moves to tighten npm security amid phishing, malware plague

GitHub, which owns the npm registry for JavaScript packages, says it is tightening security in response to recent attacks.
The Hacker News

GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security

GitHub enforces FIDO 2FA and seven-day token limits after Shai-Hulud npm attack to boost supply chain security.

Identity & Access Forum Fall Market Snapshot: Mobile Driver’s Licenses, Fraud Risks and Interoperability Take Focus

The Identity and Access Forum (IAF), an organization within the Secure Technology Alliance, today released its fall market snapshot. It provides a glimpse into how the industry is tackling rapid ...
UKAuthority

One Login provides benefits and challenges to local government

Councils emphasised that cost savings are essential to secure leadership buy-in, while secure identity verification and the ...
Security Boulevard

The Complete Guide to Google One Tap Login: Everything Developers Need to Know

Boost user signups by 90% with Google One Tap Login! This complete 2025 guide covers implementation, security considerations, ...
Security Boulevard

Auth Migration Hell: Why Your Next Identity Project Might Keep You Up at Night

Authentication migrations fail 40% of the time, costing millions in downtime. Learn the strategies security leaders use to avoid disaster, choose the right vendors, and build future-proof identity ...
Biometric Update

NIST pushes criminal justice agencies toward MFA to secure sensitive data

At the center of the cybersecurity guidance is the recognition that passwords alone have become a dangerously weak line of defense.
GitHub

AWS GitHub Actions OIDC Terraform Module

Terraform module to configure GitHub Actions as an OpenID Connect (OIDC) identity provider in AWS, allowing GitHub Actions to obtain short-lived credentials by assuming IAM roles directly, and ...