Authentication

Breached Passwords and Modern Authentication: How Clerk Protects Your App from Known Risks TL;DR Using passwords found in previous breaches is like leaving your door unlocked for attackers. Developers can stop this risk cold—tools like Clerk Authentication and its competitors (Auth0, Okta, Microsoft Entra ID, and others) automatically block known breached passwords during signup and reset. Let’s break down why this matters, what the latest password dumps look like, and how you can protect your users (and your reputation) in a few lines of code....

TL;DR Single Sign-On (SSO) allows users to access multiple applications with just one login. It’s a cornerstone of modern IAM strategy—enhancing user experience, reducing password fatigue, and boosting productivity. But SSO done wrong can centralize risk. In this post, we cover: How SSO works (and where it fits) Benefits for security, UX, and operations SAML, OIDC, and modern federation protocols Common pitfalls and how to avoid them 🔍 Background Back in the early 2010s, most companies I worked with had users juggling 5–10 logins daily....

TL;DR Authentication is the process of verifying that users are who they say they are. It’s the gatekeeper to every digital system, and when done poorly, it becomes the #1 way attackers break in. From passwords to biometrics to FIDO2, authentication has evolved into a key pillar of Zero Trust security. In this post, we’ll explore: How authentication works Different types (and what’s still worth using) Best practices for IT teams How AI, phishing, and automation are shifting the landscape 🔍 Background After 15 years working in Identity and Access Management, I can confidently say: authentication is where security begins—or where it breaks down....