Posts tagged "authentication"

4 posts tagged with authentication.

How TOTP Two-Factor Authentication Works (RFC 6238)
security, authentication, 2fa, cryptography

Those six-digit codes from Google Authenticator, Authy, and 1Password are not magic. They're HMAC over a clock. Here's the precise algorithm, the security model, and why drift handling matters.

May 9, 2026 · 9 min read

API Keys: How They Work, Best Practices, and What to Avoid
security, api, authentication, developer

API keys are the workhorse of server-to-server authentication, but a leaked key can mean thousands of dollars in fraudulent charges. Here's how they actually work, where to store them, and how to design rotation that survives contact with reality.

May 9, 2026 · 9 min read

How OAuth 2.0 Works: Flows, Tokens, and Security in Plain English
oauth, authentication, security, api

OAuth 2.0 is the standard behind every "Sign in with Google" button — yet the underlying flow confuses many developers. This post maps out exactly what happens behind the scenes.

February 10, 2026 · 11 min read

JWT Tokens Explained: Structure, Security, and Common Pitfalls
jwt, authentication, security, api

A JWT looks like random text until you decode it — then you find a header, a payload, and a signature. This post explains exactly what each part does and why that matters for security.

January 5, 2026 · 10 min read