Version 0.6.0 of passport has been released, which improves robustness against classes of session fixation attacks. Being a security enhancement, I’d advise upgrading as soon as possible. But first, let’s look at the problem and the enhancements introduced in this release in order to…

This release reverts a change introduced in v0.5.1, with passport.initialize() middleware again extending requests with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions. This now correctly matches the behavior in v0.5.0, with only versions 0.5.1 and 0.5.2…

The initial version of passport-fido2-webauthn has been released! This strategy expands the Passport ecosystem with a strategy capable of strongly authenticating a user in a fully passwordless manner.

Authentication is in a renaissance period right now, with strong cryptographic credentials becoming available to a wider set of people more quickly than ever before. The traditional web is rolling out WebAuthn, while the emerging Web3 and blockchain communities are innovating with…