![\"Password](\"https://apidocs.lrcontent.com/images/photo-1584433144859-1fc3ab64a957--colorized_733860bf4aaac3d743.55160141.jpg\" "\\"Password")
Since the start of the digital revolution, the world has become smaller and humans have developed a culture of always being connected.
\nToday we are surrounded by digital transactions, digital communication, digital social life, and whatnot. A massive chunk of all kinds of data is available on the internet, be it your personal or professional data.
\nThe internet knows about you more than you. Imagine what an individual can do if this data falls into the wrong hands. I am not here to instigate fear in you about the digital world, but you cannot neglect the possibility of this happening.
\nWe all are conscious about our privacy and data security, and a perfect real-life example can explain this. Most of us know when and where we have to switch to our internal privacy mode according to the situation.
\n
Passwords are the only measures that help us immensely to protect our data. So don't you think our protector should be more robust? Yes, it should be strong enough to withstand multiple attacks trying to steal your data.
\nI don't think that anyone needs an introduction to \"What is Password.” We are surrounded by passwords from the time we wake up till the time we sleep. \"A password is a combination of characters and symbols which uniquely identifies each individual.\"
\nA password can be used in multiple scenarios, but the motive to use them is similar, i.e., to authenticate the individual's identity. Passwords are used mainly with a unique ID or \"Username,\"—together, the combination is referred to as Login credentials.
\nMost of the passwords contain letters, numbers, special characters, and symbols, and they can vary in length. Before setting a password, you should ensure that the combination should be easy to remember but hard to crack, which means it should not be that easy that everyone can guess it, and it should not be much hard that you forget it after some time.
\n![\"Password](\"https://apidocs.lrcontent.com/images/password-2781614_960_720--colorized_2788360bf4b253cafb2.39488510.jpg\" "\\"Password")
Once an account is created on any website, it prompts us to set a new password for the site. The passwords we set that time can be categorized into two types, Weak and Strong passwords.
\nLet’s see some very common practices for weak passwords.
\nBy now, the need for a strong password must be clear for you, and you must be eager to know in what ways a password can be made stronger. Calm down! We are about to cover some important points by which password security can be enhanced many folds.
\nThere are various ways to enhance the security of your password; however, I am highlighting three such points which every business and individual needs to ponder while enhancing the security of their passwords. These are :
\nEnabling this feature in your product/website can add an extra layer of security to it. This feature holds the history of passwords that are created for a particular account.
\nPassword reuse is now an important headache for organizations as users tend to use similar passwords as they have used in the past. Using the same password for a longer period of time gives more chances to the hacker to determine the password.
\nThe password history feature can have a limit up to which you can not use any such password which you have configured. For example, if you set the limit to 5, then you will be unable to use the last five previous passwords.
\n![\"Phising](\"https://apidocs.lrcontent.com/images/phishing-3390518_960_720--colorized_2613960bf4d54d50e62.32324792.jpg\" "\\"Phising")
In this way, consumers will be forced not to reuse their old passwords again and again. Setting a new password creates challenges for an attacker, and the account remains safe.
\nRead More: A Comprehensive Framework for Passwords to UP Your Security Game!
\nFrom the above points, we have learned the importance of not using old passwords; let's understand how our new passwords should be. Creating a strong password requires a combination that can not be easily guessed by attackers after extracting some information from your social handles.
\nIf you have kept your password as plain text, let's say a name of your first dog or a favorite picnic spot, etc., which can be easily guessed by attackers once they get some data from the social network. In that case, your privacy and data are at risk of being compromised. To avoid this, you must create a complex and hard password.
\nNow you will ask what are the ways by which you can create a strong and complex password and also remember it. I have sorted out few important points which can be followed while creating new passwords:
\nMost of the organizations which hold users' sensitive data use this policy of password expiration. This policy forces the user to update/change their passwords after a certain period of time.
\nAs a result, it chips down the time for attackers to guess the consumer's password. Earlier, consumers used to set up passwords for their accounts, and hackers had so much time to attempt cracking multiple times.
\nBut now, till the time they come up with a possible password, the consumer would have already changed the password. In this way, enabling the Password expiration policy adds an additional layer of security for your passwords.
\nProtecting consumer's data is a top priority for many organizations as it is the basis of the trust that their consumers have placed in them. There are various other techniques which you can embed along with these three to push your password security to the next level.
\nSome of them are using Two Factor Authentication, Biometric authentication, Brute Force Lockout, and many others. Together these can increase password security many folds.
\nIf you really want to survive in this digital world where everything is digital, you are required to have some basic understanding of how to protect yourself and your data from being compromised. Passwords are nothing but a key to your digital locker, and hence they will be as strong as you make them. Follow the above-mentioned few points and consider most of your data secure.
\nCheers!
\n\n","frontmatter":{"date":"June 08, 2021","updated_date":null,"description":"Passwords are the only measures that help us immensely to protect our data. So don't you think our protector should be more robust? This blog explores the various techniques which you can embed to push your password security to the next level.","title":"Password History, Expiration, and Complexity: Explained!","tags":["authentication"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/22e68765e4bf99a7b49ed7f55c7067d0/14b42/Passwordhistory_cover_pic.jpg","srcSet":"/static/22e68765e4bf99a7b49ed7f55c7067d0/f836f/Passwordhistory_cover_pic.jpg 200w,\n/static/22e68765e4bf99a7b49ed7f55c7067d0/2244e/Passwordhistory_cover_pic.jpg 400w,\n/static/22e68765e4bf99a7b49ed7f55c7067d0/14b42/Passwordhistory_cover_pic.jpg 800w,\n/static/22e68765e4bf99a7b49ed7f55c7067d0/47498/Passwordhistory_cover_pic.jpg 1200w,\n/static/22e68765e4bf99a7b49ed7f55c7067d0/0e329/Passwordhistory_cover_pic.jpg 1600w,\n/static/22e68765e4bf99a7b49ed7f55c7067d0/947df/Passwordhistory_cover_pic.jpg 5472w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Ashish Kumar Yadav","github":null,"avatar":null}}}},{"node":{"excerpt":"A single sign-on system enables users to access multiple applications without creating additional accounts or repeatedly entering passwords…","fields":{"slug":"/identity/saml-or-oidc-for-business/"},"html":"A single sign-on system enables users to access multiple applications without creating additional accounts or repeatedly entering passwords.
\nSingle sign-on systems follow the OpenID Connect (OIDC) or Security Assertion Markup Language (SAML) protocols. For any company concerned about securing its users' data, getting a grip on SSO can be a daunting task.
\nBut determining whether SAML or OIDC is right for your enterprise requires weighing a few characteristics against your business goals.
\nOpenID Connect or OIDC is an authentication protocol that verifies end-user identity when the user is trying to connect with a secure server like HTTPS.
\nSecurity Assertion Markup Language (SAML) is an authentication protocol that is used between an identity provider and a service provider. It works by transferring user login credentials to the service provider if it passes SAML attributes.
\nBoth OIDC and SAML authentication are identity protocols and can be the basic building blocks of any identity provider. Businesses generally use either of the protocols to maintain their user accounts and data.
\nBefore we look at the differences between these protocols, let us understand the basic OIDC and SAML workflow which can be broken down as follows:
\nSAML authentication protocols were first introduced in 2005. SAML authentication transfers information like the user's first name, last name, etc., to verify that the end-user is genuine. This transmission method uses XML format and relies on secure HTTPS servers. This transmitted user data in SAML authentication is called \"SAML assertion\". Without the right assertion, the user is unable to gain access to the information or the account. OIDC is used by various popular private enterprises using Nomura Research institute, PayPal, Ping Identity, Microsoft, Amazon, etc. SAML is generally used for business and government applications like citizens Ids. The major difference in both these protocols is due to the security difference in OIDC and SAML authentication. OIDC is generally preferred in commercial applications where simple identity verification is required over a complex one. Various organizations trust SAML authentication because it provides a wide range of features. It was developed almost 17 years ago, and therefore it has well-developed security features. OIDC, on the other hand, is newer and still evolving. While OIDC has secure protocols, these are yet to be adapted for the needs of specific sectors like banking. This lack of features is one of the reasons why SAML is lagging in terms of applications. OIDC is easy to integrate and therefore is used by mobile applications and single-page apps. On the other hand, SAML authentication is heavyweight and cannot be integrated into these without compromising on other features. OIDC was developed specifically because SAML was too heavyweight for such applications. Simply put, OIDC is another layer of the OAuth framework. This increases the security and permits the user first to give consent before the user can access a service. This is an in-built service and a standard protocol. However, in SAML, the authentication protocols need to be coded individually by the developer. To provide authentication, SAML relies on IdP and relies on the party to know each other. If they don't, no data transfer can take place. While both authentication protocols are powerful and have their benefits, businesses need to be careful while choosing one. Here's how you can choose which protocol to use. Given below are the factors that you should keep in mind when choosing an authentication protocol: As already discussed in the previous section, the applications of both OIDC and SAML are completely different. SAML authentication should be used if your business deals with sensitive data and requires the highest possible security. On the other hand, OIDC can be used if you require only minimum verification or temporary logins rather than long-lasting user accounts. OIDC works well with mobile applications and should therefore be used if you want to create an application centred around user-friendliness. Since this protocol is lightweight, it can be implemented on almost all devices to provide a rich user experience. LoginRadius provides a seamless cloud-based Identity management solution. The platform simplifies the process of registering, verifying and authenticating new users. It is a completely customizable service that can be scaled up according to your growing business requirements. It’s easy to get started with both SAML 1.1 and SAML 2.0 with LoginRadius. The CIAM provider functions both as an identity provider (IDP) or a service provider (SP). Its Admin Console gives you complete control over your SAML setups, thereby allowing you to adjust the assertions, keys, and endpoints to meet the requirements of any SAML provider. LoginRadius also supports federated SSO protocols, like Multipass, OpenID Connect and Delegation. Whether you opt for a SAML or an OIDC verification method, the identity provider you choose can define your app's features and user-friendliness. Partnering with the right platform will help you provide the best security possible and ensure you don't fall victim to any cybercrimes. So, like many other businesses these days, you have started building your social media presence through Twitter. But has it ever happened that people have started following another account of the same name instead of your official one? It can be a real bummer, right? Not anymore. Now, Twitter has a verified blue checkmark badge option to sort this out. But how will a blue checkmark help your business or fan page? And what difference does it make? Let’s explore this Twitter marketing strategy in detail and why you need a blue checkmark in front of your Twitter account to build brand trust among your audience. Well, no one can answer this question better than Twitter itself. So, according to its official statement, “The blue verified badge on Twitter lets people know that an account of public interest is authentic.” This means a blue verification badge on your Twitter account signifies that the account is of public interest and genuine. And to make it clearer, only Twitter is entitled to give the blue checkmark badge in front of an account name. So, if anyone tries to use an image or the same symbol in their account without getting verified, it can lead to suspension of the account from the platform. That being said, who can earn a blue checkmark? For Twitter verification, the account needs to be of public interest. Generally, it means user accounts of: For starters, to get yourself a verification badge, the account needs to be notable, authentic, and active. To break this down, here’s what you need for increasing your online reputation. This is a non-negotiable option for getting your account verified. To do this, visit your Twitter profile, and click on the edit profile button located on the right side of the stats at the top itself. This will take you to various editable aspects of the profile. Add your name and birthdate – and this means the real name of the person or brand as on the documents. Then, add an appropriate picture that can describe your brand in the best possible way. Finally, add a bio that specifies your area of expertise. After you are done with these three main fields, complete all the other fields too. This will simply help with your Twitter marketing strategy. Pro Tip: While adding the birth date, you can enable the lock feature to choose who all can see your birthdates and the ones who cannot. Go to the security and privacy page from your account and uncheck the ‘Twitter privacy’ checkbox. You must make sure that the checkbox is unchecked to make your tweets visible to the public (one of the reasons why your account is of public interest). You may have already added your phone number and email ID while creating the Twitter account. But if you haven’t, now is the time. Also, get them verified by entering the verification code sent to the contact number. Similarly, a link will be sent to your email address, and clicking on that link will verify the email ID. When you go through this process, Twitter will ask if the account name is the one that needs to be verified. It will also ask you for the reasons why the account needs to be verified. You can share some links to support your case. Ideally, this is what the verification dialog box will look like:2. Different application approach
\n3. Security of OIDC and SAML
\n4. Integration and support
\n5. Different authentication methods
\nWhen to Choose SAML and When to OICD?
\n1. Application
\n2. User-experience
\nHow will LoginRadius' Expertise in Identity Platform help you?
\nConclusion
\nWhy Do You Need a Verified Twitter Account?
\n\n
\nHow to Get Twitter Verification for Your Account?
\n\n
\nA Step-by-Step Process for Gaining the Blue Badge on Twitter
\n![\"Twitter-verification-feature\"](\"/fcccd32e84db313b53dca97bad76cf3c/Twitter-Verification-Feature-Image.webp\")
Step 1: Make sure the profile is complete
\nStep 2: Set Tweets to Public
\nStep 3: Verify Your Phone Number and Email ID
\nStep 4: Verification Process
\n
Zero trust significantly reduces an enterprise's cybersecurity risk and the damage caused by a compromised user account.
\nBut, there is a catch.
\nZero trust security is valuable only when it can be implemented across the company's entire network infrastructure.
\nThis is where SASE comes into the picture. It integrates the zero trust functionality that enables performing access management across the organization's Wide Area Network (WAN).
\nSo, what is SASE?
\nSASE (Secure Access Service Edge) is a WAN networking and security solution that brings together a full security stack and the optimized network routing capabilities of software-defined wide-area networking (SD-WAN). It is a cloud solution that supports businesses' cloud-based network infrastructure.
\nSASE solutions provide security inspection, secured remote access, and optimized networking across a company's entire network. Here are 10 reasons why implementing SASE with a Zero Trust strategy is critical for your business.
\nCompanies are preferring to store critical data on hybrid or public cloud instead of corporate-owned data centers. This requires companies to rethink legacy assumptions of trust around processes, technologies, people, skills, and data center security tools.
\nThe new cloud infrastructure needs a shared responsibility model where both the cloud vendor and the enterprise are responsible for providing and maintaining security. A zero trust security model can act as the foundation of shared cybersecurity responsibility.
\nThe way businesses operate has undergone a drastic change. Today, each company relies on digital technologies that have reduced the relevance of traditional perimeter-based cybersecurity models. Parameters don't define the scope of security enforcement any longer.
\nThis is where zero trust security comes into play. It adopts a micro-level approach to approving access requests inside networks. It operates on the principle of least privilege that ensures that everybody gets limited access to the entire system. Consequently, it monitors and verifies each request to get access to different parts of the network.
\nToday, a significant number of applications are offered using PaaS (Platform-as-a-service) and SaaS (Software-as-a-service). Software OEM builds applications using readily available services for logging, authentication, machine learning, database, etc.
\nThey have proprietary rights for business logic and core logic but have little ownership of the software components required to develop the applications. This indicates that application developers cannot trust their applications.
\nOn the other hand, in a zero trust security approach, security controls are positioned, assuming that the network is already compromised.
\nEnterprises must realize that their dependency on people and processes to conduct various business operations has changed. Traditionally, customers and employees have been the primary users of a business's applications and infrastructure.
\nBut today, even vendors and suppliers are a significant part of the system. Businesses should keep in mind that non-employees such as them shouldn't have full access to the business application.
\nAlso, employees perform specialized functions, and hence, don't need access to the entire network. A zero trust security approach allows enterprises to provide access based on key dimensions of trust, which helps keep an eye on everyone accessing the system, even those with elevated privileges.
\nToday, everyone accesses applications and databases through a cloud network remotely. This implies that internet networks are no longer secure from being hacked or manipulated. So, visibility solutions and network perimeter security that most businesses use are no longer effective in keeping attackers at bay. In this age of remote work, the concept of implicit trust has lost its sheen.
\nZero trust works on principles such as \"always-verify\" and \"least privilege\" that provide visibility of the entire network existing in the cloud and data centers.
\nAlso Read: Future-proof Your Security Systems by Moving to Cloud Through SASE Approach
\nThe COVID-19 pandemic has ushered in a new normal where more than half of each company's workforce works from their homes. This also means that processes and security technologies based on a particular geographic location, such as the company's headquarters, are no longer relevant.
\nBut there is a hidden danger. When everyone works using a different Wi-Fi network, it substantially increases the possibility of the business network contracting a virus or malware.
\nBusinesses must acknowledge that work-from-home setups aren't secure enough because employees' Wi-Fi router isn't configured for Wi-Fi Protected Access 2 (WPA-2). Various IoT devices like the thermostat or the baby monitor use several protection protocols that don't provide much security.
\nOn the other hand, a zero trust security framework ensures that employees work from a secured and verified environment.
\nDid you know that 30,000 websites are hacked daily? And did you know that cyber-attacks happen every 39 seconds?
\nToday, cyberattacks are prevalent across industries and they are increasing at a rapid pace. Recently, the pharmaceutical industry has been the worst affected industry in terms of the number of cyberattacks registered every day.
\nHackers have stolen intellectual property rights and formulas for making vaccines for which pharma companies had to pay huge ransoms to ensure business continuity.
\nZero trust framework ensures that these enterprises become less vulnerable to security breaches and better equipped to mitigate financial damage.
\nIn the starting years of the 21st century, cybercriminals would hack a website to expose its security vulnerabilities. But today, they are stealing intellectual property rights and confidential data from secured databases of companies.
\nTo inflict maximum damage, cybercriminals are using advanced tools. Gone are the days of simple phishing scams that were easy to detect and repair. Today's cyberattacks impact entire financial, societal, national, and physical systems.
\nCybercrime has become highly organized as well. They are run by international crime rings, nation-states, and ransomware groups. And the worst part is that they can bypass traditional perimeter security. Only micro-segmentation and zero trust security models can detect them.
\nWhile employees work remotely from their homes, they don't use their work devices, which are kept up to date with security policies and tools. Instead, they use their personal computers, laptops, and phones and forget to apply basic cyber hygiene skills.
\nZero trust security protocols work on the fundamental principle of \"trust nobody; verify everything\" that enforces access controls across every network node.
\nCybercrimes are no longer limited to DDoS attacks. They have evolved to target financial data, customer data, IP and proprietary functions. Cybercrimes are now expanding to areas such as nuclear power plants, financial data, government systems, elections, and weapon arsenals.
\nThis means that resilient cybersecurity strategies hold paramount importance at each level of society and government. The zero trust security framework significantly increases cyber resilience for government agencies and multinational enterprises that help mitigate security breaches.
\nThe perimeter-based reactive methods that were the core of old and traditional security systems have become obsolete. The zero trust security model is the future of cybersecurity.
\nProactive governments and businesses must adopt it to ensure a cyber-secure future for their employees, customers, partners, and citizens. This new-age cyber secure system provides network visibility and constantly monitors who is accessing the system.
\nIf you too want to implement a zero trust security model in your organization, book a demo with LoginRadius today!
\n\n","frontmatter":{"date":"June 04, 2021","updated_date":null,"description":"The perimeter-based reactive methods that were the core of old and traditional security systems have become obsolete. The zero trust security model is the future of cybersecurity. But, it is valuable only when implemented across the company's entire network infrastructure. This is where SASE takes the lead.","title":"10 Reasons For Businesses to Implement SASE with a Zero Trust Strategy","tags":["zero trust security","sase","cybersecurity"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.7699115044247788,"src":"/static/7313f8e38afd2c9efe419124dac7491d/14b42/sase-zero-trust-cover.jpg","srcSet":"/static/7313f8e38afd2c9efe419124dac7491d/f836f/sase-zero-trust-cover.jpg 200w,\n/static/7313f8e38afd2c9efe419124dac7491d/2244e/sase-zero-trust-cover.jpg 400w,\n/static/7313f8e38afd2c9efe419124dac7491d/14b42/sase-zero-trust-cover.jpg 800w,\n/static/7313f8e38afd2c9efe419124dac7491d/16310/sase-zero-trust-cover.jpg 1024w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Navanita Devi","github":null,"avatar":null}}}},{"node":{"excerpt":"In this tutorial, we will be covering some authentication concepts and learn about authentication and how to use JSON JWTweb tokens to…","fields":{"slug":"/engineering/implementing-authentication-on-vuejs-using-jwt/"},"html":"In this tutorial, we will be covering some authentication concepts and learn about authentication and how to use JSON JWTweb tokens to authorize a Vue app. To continue in this tutorial, you should be comfortable using vue, vuex, and express.
\nIn our app, we have a login form. The user enters a username and password that is then posted to an endpoint. The flow of the app is the user opens the app, then the login page appears, the user submits the login form, which makes a post request to a login endpoint, then we check if the username and password check out, then we return a JWT and store the token in vuex and depending on the token we display a different page.
\n![\"App](\"https://paper-attachments.dropbox.com/s_E8FB3BC64D80223D4CC4AFEEE119F2426D27A7EBE018696513C17DED12022079_1622019813698_AppWorkflow.png\")
You can start a new project using the vue cli, but you have to install the CLI first by running-
\nnpm install -g @vue/cli\n OR\nyarn global add @vue/cliafter the cli is installed, you can create a new project by running-
vue create jwt-auth-appYou will then be prompted to select some basic setup. In your setup, select Babel, Linter, Vue Router, and Vuex!. That’s all we need.
\nTo set up our server, we need to install cors, dotenv, express, and nodemon
npm install cors dotenv expressOur server.js file is simplistic in a way that we just import express, tell it what port to listen to, and return “hello world” when we hit the base URL, and then we listen on that port.
\nrequire("dotenv").config();\nconst express = require("express");\nconst cors = require("cors");\nconst app = express();\nconst port = 3000;\napp.use(cors());\napp.use(express.json());\n\napp.get('/', (req, res) => {\n res.send('Hello World!')\n})\napp.listen(port, () => {\n console.log(`Example app listening at http://localhost:${port}`)\n})In our views folder, we add login.vue and welcome.vue files, and in the login.vue file, we build out the login form. But before that, we want to add a route to our vue router so that we can navigate to the login and welcome page.\nSo for the index.js file of our router folder, we import the login and welcome view, and we add login and welcome routes for the components to point to.
import Vue from "vue";\nimport VueRouter from "vue-router";\nimport Login from "../views/Login.vue";\nimport Welcome from "../views/Welcome.vue";\nVue.use(VueRouter);\nconst routes = [\n {\n path: "/",\n name: "Welcom",\n component: Welcome,\n },\n {\n path: "/login",\n name: "Login",\n component: Login,\n },\n];\nconst router = new VueRouter({\n mode: "history",\n base: process.env.BASE_URL,\n routes,\n});\nexport default router;We can now navigate to both pages. On our welcome page, we want to check if the user is not logged in, then present the link they can click to navigate to the login page. We use a router link to achieve this.
\n<template>\n <div>\n <h1>Welcome</h1>\n <router-link to="/login"><button>Login</button></router-link> \n </div>\n</template>In our login view, we scaffold our form. In the form, we are going to have two input boxes, one is the username input, and the other is a password. We then add a button with the type submit to submit the form. When we submit, we perform a login function in our script then set preventDefault on our form to stop the page from refreshing each time we click the login button.\nIn the script of our application, we model our input data by doing a two-way binding to the data state.
<template>\n <div>\n <h1>LOGIN</h1>\n <form @submit.prevent="login">\n <input v-model="username" placeholder="username" />\n <br />\n <br />\n <input v-model="password" placeholder="password" type="password" />\n <br />\n <br />\n <button type="submit">Login</button>\n </form>\n </div>\n</template>\n<script>\nexport default {\n data: () => {\n return {\n username: "",\n password: "",\n };\n },\n};\n</script>![\"login](\"https://paper-attachments.dropbox.com/s_E8FB3BC64D80223D4CC4AFEEE119F2426D27A7EBE018696513C17DED12022079_1622020162212_loginForm.png\")
For the login method that runs when you click the button, we would like to perform an HTTP request to our express backend. We want to make a post request to our /login route we will create in our server.\nIn the fetch method, the first parameter is the URL you are sending a request to. Then the second is the object you are posting containing the headers, which contain information about the request, and the body containing the form data.
<script>\nexport default {\n data: () => {\n return {\n username: "",\n password: "",\n };\n },\n methods: {\n login() {\n fetch("http://localhost:3000/login", {\n method: "POST",\n headers: {\n "Content-Type": "application/json",\n },\n body: JSON.stringify({\n username: this.username,\n password: this.password,\n }),\n });\n },\n },\n};\n</script>In our server.js, we create a post request to the /login route and send back some json to test it out. Now, if we click login now, we get back a 200 ok message.
Note: Make sure you set up *cors* so that you don't encounter an error message when hitting the */login* route
app.post("/login?", (req, res) => {\n res.json({\n message: "hello ma guy"\n })\n})The next step is to check if the username or password exists in a database or somewhere else. To not waste time dealing with a database, we can use a hardcoded username and password. In the post route, if somebody tries to log in with the exact login information we just hardcoded, we want to give the person a green light and log the person into the application; otherwise, we throw an error.
\nUsing the login payload we got from submitting the form, we can now check if the username and password are the same; else, we throw an error and respond with a status of 403 and a wrong login information message.
\napp.post("/login", (req, res) => {\n const USERNAME = "uma victor";\n const PASSWORD = "8888";\n const { username, password } = req.body;\n if (username === USERNAME && password === PASSWORD) {\n const user = {\n id: 1,\n name: "uma victor",\n username: "uma victor",\n };\n } else {\n res.status(403);\n res.json({\n message: "wrong login information",\n });\n }\n});This is the interesting part of the tutorial. Now, if you provide the correct login information and it checks out, the next step is to sign a JWT web token. Let’s first install the JWT plugin.
\nnpm install jsonwebtokenalso, make sure to import it at the top of your server.js file
const jwt = require("jsonwebtoken");Then when the user login is successful, we want to send a JWT that is signed. So we import the JWTpackage. Then you sign in with a unique password. In a real application, we will want to have a .env file where we store the secret key. Then use process.env to grab and use it when signing our user model. Imagine we have a user object which we got back from our database with a unique ID, name, and username.
app.post("/login", (req, res) => {\n const USERNAME = "uma victor";\n const PASSWORD = "8888";\n const { username, password } = req.body;\n if (username === USERNAME && password === PASSWORD) {\n const user = {\n id: 1,\n name: "uma victor",\n username: "uma victor",\n };\n const token = jwt.sign(user, process.env.JWT_KEY);\n res.json({\n token,\n user,\n });\n } else {\n res.status(403);\n res.json({\n message: "wrong login information",\n });\n }It is the user object we want to sign, so when you send it to the client. We can uniquely identify them. The unique ID is also very important because when a server gets a request with a token, we want to know what uniquely identifies the request.\nNow when we enter the username and password in our form, we can see in the console that our JWT token is generated but is not encrypted.
\nYou can visit this site jwt.io and paste in the token that was generated, and your token will be decoded and return information about your payload
\nNote: The token is not encrypted, and anyone who gets access to the token can hit your server with it. Tokens normally have an expiry period of between 30 - 60 minutes
\nIn our fetch method in the login view, we want to get back the token and the user and store it somewhere. Now we make our login method async, then we set our response to equal to the fetch method that returns the user and token, and we get back the user and token from the response.
<script>\nexport default {\n data: () => {\n return {\n username: "",\n password: "",\n };\n },\n methods: {\nasync login(e) {\n e.preventDefault();\n const response = await fetch("http://localhost:3000/login", {\n method: "POST",\n headers: {\n "Content-Type": "application/json",\n },\n body: JSON.stringify({\n username: this.username,\n password: this.password,\n }),\n });\n },\n },\n};\n</script>In our store, we add the user and token data in our state and set them to null initially. You can use the token to see if the user is logged in or not. If the token is null, then we are not logged in, but if it’s set to something, then we are probably logged in.\nWe create a setUser mutation in our mutation object that sets the state to the user object. We also create a setToken mutation to assign our token.
import Vue from "vue";\nimport Vuex from "vuex";\nVue.use(Vuex);\nexport default new Vuex.Store({\n state: {\n user: null,\n token: null,\n },\n mutations: {\n setUser(state, user) {\n state.user = user;\n },\n setToken(state, token) {\n state.token = token;\n },\n },\n actions: {},\n getters: {},\n});Note: It is best practice to always call mutations from our actions, but since our mutations can easily be traced, we are calling the mutations directly
\nIn the login view, we can import mapMutations from vuex and map the setUser and setToken mutation. We can now call the mutations from the login method.
<script>\nimport { mapMutations } from "vuex";\nexport default {\n data: () => {\n return {\n username: "",\n password: "",\n };\n },\n methods: {\n ...mapMutations(["setUser", "setToken"]),\n async login(e) {\n e.preventDefault();\n const response = await fetch("http://localhost:3000/login", {\n method: "POST",\n headers: {\n "Content-Type": "application/json",\n },\n body: JSON.stringify({\n username: this.username,\n password: this.password,\n }),\n });\n const { user, token } = await response.json();\n this.setUser(user);\n this.setToken(token);\n },\n },\n};\n</script>Now that we're logged in, our state has been mutated and updated with the information from our form. But after we login, we want to redirect to our welcome page using the $router.push(\"/\") method to redirect to the home page, which is also our welcome page.
this.$router.push("/");// image of the welcome page here\nSince you are logged in, you don’t want the login button showing anymore on the welcome page. You can use a getter from our store to do this. We check if the token is null or not and return true or false.
getters: {\n isLoggedIn(state) {\n return !!state.token;\n },\n},then in our welcome component template, we can use now map to our Getter and use the v-if directive to display the login button if isLoggedIn is true or false
<template>\n <div>\n Welcome\n <router-link v-if="!isLoggedIn" to="/login"><button>Login</button></router-link>\n </div>\n</template>\n<script>\nimport { mapGetters } from "vuex";\nexport default {\n computed: {\n ...mapGetters(["isLoggedIn"])\n }\n};\n</script>In this tutorial, we looked at how to authenticate a person using the JSON web token. We created a login form and used an express server for the login route in the application using Vue.js as a frontend framework.
\nToday social media video marketing is one of the must-have strategies in all businesses' advertising toolbox. Research shows that 76% of marketers believe that social media videos produce more conversions than any other marketing technique.
\nAccording to statistics, 63% of companies today are using video marketing, and 89% of businesses believe that videos boost ROI. Therefore, it is clear that video is performing exceptionally well on social media.
\nSo, where is it headed in the years to come?
\nWith current social media video trends and research, marketing experts believe that Facebook, YouTube, and Instagram will be the best platforms for social media videos in the future. Plus, they think that brands who will gravitate towards these platforms will be most successful in the future.
\nFortunately, companies already know the reasons why using social media videos is vital to their business. However, if you are confused if social media videos are among the best ways to promote your business? The answer is yes!
\nVideos are one of the most profitable digital marketing tools. 91% of marketers believe video is crucial for business growth even during the coronavirus pandemic. Yet, if you are still not convinced, here are the reasons why marketers will love to use social media video marketing in 2021 and even in the years to come.
\nMarketers are expected to invest in social media video marketing soon since numerous reasons contribute to them.
\nToday 61% of consumers look forward to watching video content while selecting a brand. Thus, videos are an effective way of engaging consumers and convey information better than static imagery.
\nWith strategic videos becoming a part of the consumer experience, more people are likely to shop online. Thus, it becomes critical for brands to create videos for social media and promote their products strategically. With 55% of people expected to rely on a brand's video content when making a purchase decision, the importance of videos is only going to increase.
\nDid you know that to produce promotional videos, 38% of marketers use smartphone apps? Yes! Online video editing tools are improving every day and are affordable as well. Therefore, to get the consumers more interested and excited, companies are using creative Facebook videos, Product tutorials, explainer videos to promote their product or services.
\nAccording to reports, 14% of marketers make videos every day to engage audiences. Plus, 36% of the businesses make videos a few times a week. The reason is simple. With more and more consumers relying on videos for making purchasing decisions, producing quality videos is critical for businesses.\n![\"book-a-demo-Consultation\"](\"/f939a3bad522a8f89df24736547fd4b7/42.gif\")
According to statistics, 52% of businesses today say that video helps them build trust with their potential consumers. Most people are skeptical about buying products on the internet because they don't want to get cheated. Video is the most effective way of telling a brands' story and building trust on social media. Well, that's why 24% of video marketers plan to use interactive video in their video marketing plan 2021 and ahead.
\nMost marketers are using the power of video to build emotional connections with their followers with Facebook Live videos. A recent report shows that 89% of video marketers plan to incorporate YouTube in their video marketing strategy. Plus, 65% of them also plan to include Instagram in their marketing strategy. Therefore, it becomes crystal clear how video marketing on these three platforms will increase with time.
\nHaven't you heard about Twitch yet? If not, you will be surprised to know that this video game streaming platform has grown to 1.4 million viewers from 102K viewers in just eight years.
\nEven though Facebook, YouTube, and Instagram are the giants in social media videos, platforms like Tiktok, WeChat, and WhatsApp also have millions of users and this is a good place where businesses can make a social media viral video.
\nTwitter has also started using video with its newest feature, Fleets. With this feature, users can post videos to their timelines and promote their business creatively. Below is an example.
\n So, it is not surprising when YouTube reports mobile video consumption rising every year. Besides, With the popularity of Video content skyrocketing, statistics reveal that 96% of consumers say that the amount of video content they've watched online during the pandemic has increased. Now, with mobile video means, brands are creating smartphone-optimized videos to entice audiences. Video marketing statistics show that thoughtfully created social media videos are a perfect combination of simplicity and amusement that is bound to grab consumers' attention. Therefore, marketing is going to be incomplete without videos and their promotion on social media. Today, many brands are posting consumer testimonial videos on their website and hosting Q&A sessions to boost their social content marketing with a dash of digital decoration. Therefore, it will be wiser to start creating videos that matter to you and your audiences and be a part of the golden future of social media video marketing. Identity is evolving, and developers are at the forefront of this transformation. Every day brings a new learning—adapting to new standards and refining approaches to building secure, seamless experiences. We’re here to support developers on that journey. We know how important simplicity, efficiency, and well-structured documentation are when working with identity and access management solutions. That’s why we’ve redesigned the LoginRadius website—to be faster, more intuitive, and developer-first in every way. The goal? Having them spend less time searching and more time building. LoginRadius’ vision is to give developers a product that simplifies identity management so they can focus on building, deploying, and scaling their applications. To enhance this experience, we’ve spent the last few months redesigning our interface— making navigation more intuitive and reassuring that essential resources are easily accessible. Here’s a closer look at what’s new and why it’s important: Developers spend long hours working in dark-themed IDEs and terminals, so we’ve designed the LoginRadius experience to be developer-friendly and align with that preference. The new dark mode reduces eye strain, enhances readability, and provides a seamless transition between a coding environment and our platform. Our new design features a clean, modern aesthetic with a consistent color scheme and Barlow typography, ensuring better readability. High-quality graphics and icons are thoughtfully placed to enhance the content without adding visual clutter. So, whether you’re navigating our API docs or configuring authentication into your system, our improved interface will make those extended development hours more comfortable and efficient. We’ve restructured our website to provide a straightforward breakdown of our customer identity and access management platform capabilities, helping you quickly find what you need: This structured layout ensures you can quickly understand each capability and how it integrates into your identity ecosystem. We’ve been analyzing developer workflows to identify how you access key resources. That’s why we redesigned our navigation with one goal in mind: to reduce clicks and make essential resources readily available. The new LoginRadius structure puts APIs, SDKs, and integration guides right at the menu bar under the Developers dropdown so you can get started faster. Our Products, Solutions, and Customer Services are also clearly categorized, helping development teams quickly find the right tools and make informed decisions. Developers now have a clear view of the tech stack available with LoginRadius, designed to support diverse business needs. Our platform offers pre-built SDKs for Node.js, Python, Java, and more, making CIAM integration seamless across popular programming languages and frameworks. Check out our revamped LoginRadius website and see how the improved experience makes it easier to build, scale, and secure your applications. Do not forget to explore the improved navigation and API documentation, and get started with our free trial today. We’re excited to see what you’ll build with LoginRadius!Conclusion
\nWhat’s New and Improved on the LoginRadius Website?
\nA Developer-Friendly Dark Theme
\n![\"This](\"/f46881583c7518a93bb24e94c32320de/a-developer-friendly-dark-theme.webp\")
Clear Categorization for LoginRadius Capabilities
\n![\"This](\"/e5358b82be414940f3fb146013845933/capabilities.webp\")
\n
\nDeveloper-First Navigation
\n![\"This](\"/a8c155c2b6faf3d5f4b4de4e2b14d763/developers-menu.webp\")
Quick Understanding of Integration Benefits
\n![\"This](\"/b2f9a964a2da0ea83e2f8596b833bba7/we-support-your-tech-stack.webp\")
Over to You Now!
\n