Passwords and other shared secrets are the number one cause of data breaches. The security risks of passwords is widely recognized in the consumer space with the leading tech companies (and competitors) including Microsoft, Google, Apple joining together to create the FIDO Alliance to reduce the over-reliance on passwords. With FIDO, passwords are replaced with more secure, and easier to use biometric and cryptographic authentication.

This post introduces all the features released in Teleport 10. Teleport 10 includes version 10.0, 10.1, 10.2 and 10.3. You can always find an up-to-date status of Teleport releases in our docs. Teleport 10 is the biggest release so far in the history of Teleport in terms of feature sets. Before we dive into all the Teleport 10 features, let me first introduce you to...

A password is a secret, and a secret can be lost, stolen or traded on dark web marketplaces. Most engineers know this, that’s why every SSH tutorial begins with the instructions for disabling passwords and enabling private/public key pairs. But a private key is just another form of a secret. In this article, I will try to explain why all forms of secrets are bad for you.

Many databases were born over 25 years ago, back in the unadulterated times of LAN parties and IRC. SSL was just for banks and sending unencrypted database traffic accounts was just how you did things. When databases use unencrypted connections, it means someone with access to the network could watch all and inspect all database traffic.

In the first part of this blog post, we setup SSL/TLS for a MySQL database, using the built in self-signed certificates. The main problem using out of the box self-signed certificates is that clients can't verify that they're talking to the right database host, and it's not possible to verify the certificate chain. In this post we'll cover upgrading the client connection to VERIFY_IDENTITY and how to use Machine ID to continuously renew certificates.

Microsoft SQL Server is a popular relational database management system created and maintained by Microsoft. It’s effective in numerous use cases: storage and retrieval of data as part of a DBMS, transaction processing and analytics applications. However, there are some essential measures you must take to protect your database from cybercriminals and security breaches, as the default security settings are relatively insufficient to keep your database safe.

Enterprises are embracing the cloud native paradigm for agility, scalability, composability, and portability. Kubernetes, the open source container orchestration engine, is the foundation of modern, cloud native workloads. AWS customers can leverage managed Kubernetes available in the form of Amazon Elastic Kubernetes Service (EKS) or deploy a cluster based on upstream Kubernetes distribution running in a set of Amazon EC2 instances.

X11 forwarding, ssh -X, is an SSH protocol that enables users to run graphical applications on a remote server and interact with them using their local display and I/O devices. It is commonly relied upon by developers for securely interacting with remote machines across wide and heterogeneous server fleets.

The WebAuthentication API, or WebAuthn, facilitates secure authentication based on public-key credentials. The idea of passwordless and public-key authentication is not new, but the compatibility and interoperability of various elements in the authentication process were always weak. WebAuthn API aims to solve that problem by bringing the uniform authentication API into web browsers.