Adding a self-hosted captcha alternative to ASP.NET Identity

Sooner or later your public-facing ASP.NET Identity form will be targeted by illicit actors and you will start getting sign-ups from john.doe1231@gmail.com but they never click the email verification link or use the service. My best guess is that this is either to warm up spam-sending email addresses with legitimate email traffic or to disqualify …

Using Clerk as an OAuth Provider for ASP.NET Core

I've been using Clerk on the frontend for a few applications and recently came across the need to authenticate on the server side too. This guide will show you the necessary steps to configure Clerk and ASP.NET to enable authenticating your Clerk users. Update Oct 2023: Removed open_id scope as it is not accepted anymore …

WhatsApp conversations increase your medical bills? When ads are not just ads.

Europeans on the web have typically been much more privacy aware than their US counterparts. So the WhatsApp exodus post Facebook purchase (as seen in the iOS AppStore charts led by alternative clients in a number of European countries) didn't surprise me that much. But what was unusual is my personal decision to join the masses …

“Bob is on BeardGroomers.com” – Your system is leaking information

Exchange BeardGroomers.com with a more risqué site and at best the grapevine starts talking. In the worst case political views, private activities etc. are used to blackmail you. A very common security best practice is to avoid information leakage on web sites. This basically means you shouldn't be able to figure out if a user account …

Office 365 does not allow more than 16 character passwords or “Why, why, why???”

Since my first article about a financial institution's policy on password length I've encountered a couple of examples. All of which were not really worse than the one I had mentioned before but today I was happily signing up for Microsoft's new online services offering and was prompted to change my password (n.b. I was …

Only secure passwords please, but no special characters, symbols or spaces please.

There are a lot of these personal finance planners online, most recently lil' mint.com has become the darling of the techcrunch crowd. They all make life so easy by pulling my transactions from my bank account, credit cards etc. But am I the only one who really thinks that passing on my online banking details …