A Pluggable Authentication Module (PAM) which allows the establishment of alternate passwords that can be used to perform actions to clear sensitive data, notify IT/Security staff, close off sensitive network connections, etc if a user is coerced into giving a threat actor a password.
Selfauth is a self-hosted Authorization Endpoint used to login with a personal URL (as Web sign-in) via IndieAuth.
Requires only two files in a subdirectory, index.php and config.php. Does not require a database, writes its own config file. Then hide a link like this in your site's <head></head> block:
<link rel="authorization_endpoint" href="https://example.com/auth/" />
When logging into a site that supports it, your username is the URL of your website (https://example.com/) and your password is the password you gave when you set up selfauth.
Curated list of awesome technology protocols with a reference to official RFCs.
privacyIDEA is a modular authentication server that can be used to implement 2fa with your existing applications. Can use many different back-ends, from LDAP to Active Directory to flat files. Has a self-service portal for users. Policies enforce different requirements on groups. Supports HOTP, TOTP, SafeNet, eToken Pass, Safeword, OTP cards, Google Authenticator, RADIUS, SMS one-time tokens...
Has a TokenClass which is designed for adding new authentication devices. Has a REST API. Plugins for many services available. Supports detailed audit logging. Supports multiple databases for its datastores. Database contents are AES encrypted.
Github repo: https://github.com/privacyidea/privacyidea
Minimal HTML login page that uses a json file as a database.
MinTOTP is a Python tool that can be used to generate TOTP values from a secret key. Additionally, it exposes its functionality as module-level functions for Python developers. It can be used on any system with Python 3.4 or later installed on it. 30 lines of code (counting empty lines).
Github repo for the MIT RFID ring kit. Includes greyprints for fabbing your own rings.
A massive online database of default passwords for networking hardware, embedded devices, and operating systems.
Open source captive portal software for setting up your own wireless hotspot.
A good explanation of why /etc/shadow on Ubuntu Linux boxen is owned by group 'shadow' and is set 0640 rather than 0600.
Have you ever tried to SSH into one of your boxes, only to get dropped with a "Too many authentication failures" error? Here's how to fix it (it's a server side problem).
Ross Anderson put the entire second edition of Security Engineering on his website for free download. It's been very highly rated and recommended. Each chapter comes in its own PDF so be prepared to use a downloader to grab it all.
HybridAuth is a library for web apps which implements social sign-ins (meaning, you authenticate with an existing social network account (like Twitter or Facebook)) rather than applying for an account with an e-mail address. Lets the user import established profiles and contact lists from the socnet account they logged in with. Also has a library of plugins for existing frameworks and applications, from Drupal to Concrete to Wordpress. Written in PHP so that it'll run on just about every webhost out there out of the box.
How to configure Apache so that users need to authenticate to see any resources, but users accessing http[s]://localhost/ don't need to log in.
How to set up an Ubuntu machine to require Google Authenticator to SSH in.
A framework for building cryptographic protocols so you don't have to do it from the ground up. Mutual and optional authentication. Multiple languages supported.
A curated list of awesome tools and software for sysadmins.