How One-Time Passwords (OTPs) Work — A Detailed Guide

One-time passwords (OTPs) are short-lived authentication codes used to verify a user or transaction and help prevent account takeover and replay attacks by being valid for only a single use or a narrow time window[1][4]. This article explains the cryptographic foundations, standardized algorithms (HOTP and TOTP), delivery methods, security tradeoffs, implementation considerations, and best practices—plus links to authoritative resources you can consult for implementation details and standards[3][4][9].

Table of contents
- Introduction
- OTP fundamentals: what an OTP is and why it helps
- Core algorithms: HOTP and TOTP (how they work step-by-step)
- Other OTP flavors and delivery channels
- Security considerations and common attacks
- Implementation guidance and developer checklist
- User experience and operational concerns
- Further reading and authoritative resources
- Conclusion

OTP fundamentals: what an OTP is and why it helps

Definition: An OTP is a code generated for a single authentication event or a short time window; once used or expired it cannot be reused[1][3].

Purpose: OTPs add a possession factor to authentication—something the user has (device, phone, token)—complementing something they know (password) and reducing the impact of leaked static passwords[1][3].

Typical properties: short numeric or alphanumeric codes (commonly 6 digits), cryptographically derived from a shared secret plus a moving factor (counter or time), and validated server-side without storing reusable credentials[3][4].

Core algorithms: HOTP and TOTP

Both HOTP and TOTP are standardized, widely used, and form the basis of most OTP systems. ...

December 15, 2025 · 7 min · 1353 words · martinuke0

Redis ACL: A Practical, In-Depth Guide to Securing Access

Introduction Redis Access Control Lists (ACLs) let you define who can do what across commands, keys, and channels. Introduced in Redis 6 and expanded since, ACLs are now the standard way to secure multi-tenant applications, microservices, and administrative workflows without resorting to a single, global password. In this guide, you’ll learn how Redis ACLs work, how to design least-privilege access for different use cases, how to manage ACLs safely in production (files, replication, rotation), and how to audit and test your permissions before you deploy. ...

December 12, 2025 · 9 min · 1897 words · martinuke0

The Complete Guide to Building SaaS with Supabase: From Beginner to Hero

Table of Contents
- What is Supabase?
- Setting Up Your First Supabase Project
- Database Fundamentals
- Authentication (Auth)
- Row Level Security (RLS)
- Realtime Subscriptions
- Storage (File Uploads)
- Edge Functions
- Building a Complete SaaS Application
- Production Best Practices
- Resources

What is Supabase?

Supabase is an open-source Firebase alternative built on PostgreSQL. Think of it as your entire backend in a box:
- PostgreSQL Database: A real, powerful SQL database (not a limited NoSQL solution)
- Authentication: Email, OAuth, magic links - all handled for you
- Realtime: Live data updates without writing WebSocket code
- Storage: File uploads with CDN delivery
- Edge Functions: Serverless backend logic
- Auto-generated APIs: REST and GraphQL APIs created automatically from your database

Why Supabase for SaaS? ...

November 28, 2025 · 24 min · 5014 words · martinuke0