-
Like any good security citizens, we send notification emails to tell a user that there's been a new login to their account. Currently we send these too readily, though -- even if the user logs in from…
-
There was a [USA Cybersecurity Executive Order issued in 2021](https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/) that re…
-
Currently it is possible to either silently allow actions or to ask users for authentication. I think there could be a third option in the middle where users are asked for confirmation, but without ha…
-
At this moment, the best candidate seems to be https://github.com/google/google-authenticator
**pros**
- another security layer which limits/blocks brute-force attacks
- clients on multiple devices (ios, an…
-
Quite a while back we got a formal objection from Rich Salz (https://www.w3.org/Bugs/Public/show_bug.cgi?id=25607) over lack of guidance for developers. Since then, we made a document (https://www.ie…
-
**Additional context**
Firefox has a feature that as far as I'm aware is not implemented by any other browser (certainly not Chrome). Their APIs refer to this feature as [contextual identities](ht…
-
Email from Storage team
> according to the Storage Team’s security experts, it’s best to store the tokens in a secret store rather than exposing them as plaintext. We also had the same conversation…
-
Hi, team! Thanks for the great project. I think it would be useful to add more information about different tools that can be used to test an application and detect security issues. For example, Arachn…