The hottest Substack posts of ciamweekly

And their main takeaways
62 implied HN points • 23 Jun 25
  1. Passwords are becoming less common as new methods like passkeys and magic links are easier and safer. However, passwords will still be around because they give users full control.
  2. The customer identity and access management (CIAM) industry is still growing. As the internet expands, we'll need accounts for all kinds of everyday tasks.
  3. Learning from other people's experiences is valuable. The conference showcased practical lessons on handling user authentication and security from real-world situations.
250 implied HN points • 18 Nov 24
  1. There are many new startups in authentication since Auth0 was bought. This is because developers can easily build and use these tools themselves.
  2. Self-hosting is becoming popular again with modern solutions available. Some companies make it tough to download these options so users rely on their SaaS services instead.
  3. Many businesses are moving away from creating their own authentication systems. They see it as something best handled by specialized vendors, which helps them focus on their main goals.
62 implied HN points • 10 Feb 25
  1. Choosing a CIAM solution that follows standards like OIDC and SAML can enhance security, thanks to the collective expertise of many developers. This leads to fewer vulnerabilities and better protection for users.
  2. Using a standards-based CIAM system makes it easier for your software to work well with existing tools and libraries. This can speed up development since your team is likely already familiar with these standards.
  3. A standards-compliant CIAM solution offers better portability if you need to switch systems later. It allows for shared practices between different solutions, reducing the need to start from scratch when migrating.
62 implied HN points • 03 Feb 25
  1. CIAM helps businesses balance security and user experience. If security is too tight, users get frustrated, while loose security can lead to risks.
  2. Without CIAM, companies waste time creating custom access control systems. CIAM makes it easier for developers to manage permissions, so they can focus on product development.
  3. The future of CIAM involves managing machine identities as much as human ones. As automation grows, businesses will need new methods to handle permissions for both types of users.
62 implied HN points • 27 Jan 25
  1. The CIAM market is growing fast, with estimates ranging from $12.5B in 2024 to $43.6B in 2034. This shows a big interest in managing customer identities.
  2. CIAM is different from IAM, focusing on customers instead of employees. This market is not as big as data storage or CRM but has its own importance.
  3. Companies in this market can earn a lot, but revenue is unevenly spread. Some big firms like Auth0 and Ping pull in significant revenue, while smaller startups are also emerging.
62 implied HN points • 30 Dec 24
  1. CIAM software is similar across different platforms, which makes it easy to use but also complex in its features.
  2. CIAM is very important for security since it manages sensitive data like passwords and personal information.
  3. Using managed services like CIAM helps developers save time and focus on building better software instead of handling complex login systems.
62 implied HN points • 02 Dec 24
  1. Authorization is just as important as authentication. While authentication is about identifying who someone is, authorization defines what they can do in the system.
  2. It's crucial to set clear rules for what users can and cannot access. Users should be able to manage their own data, but not access or delete data that belongs to others.
  3. Using centralized authorization services makes managing access easier and more consistent. This way, applications can quickly check permissions without getting bogged down in complicated code.
9 HN points • 22 Jan 24
  1. WebAuthn (passkeys) is a standard for easier web authentication, replacing traditional methods like passwords.
  2. Different authentication methods like federated logins or magic links have their own weaknesses, such as shared points of failure and trust issues with remote servers.
  3. WebAuthn improves security using public/private key cryptography, but comes with challenges like handling private keys securely and potential account recovery issues.
14 HN points • 21 Aug 23
  1. CIAM servers offer convenience by centralizing user logins for multiple applications.
  2. Even with just one application, using a CIAM system can simplify implementing advanced login features.
  3. Outsourcing authentication to a CIAM system makes it easier to maintain features like social login and magic links.
2 HN points • 05 Mar 24
  1. Credentials in a CIAM system help identify users through login info, passwords, public keys, MFA, etc.
  2. User Provided Profile Data includes details users share, ranging from basic to complex attributes, gathered during registration or progressively.
  3. Consents in a CIAM system capture user permissions for marketing or legal purposes, different from other profile data as they can be explicitly granted or revoked.
2 HN points • 26 Feb 24
  1. Data modeling involves the choice between normalizing data and using denormalized data, each with its own strengths and tradeoffs.
  2. Normalized data leads to less data duplication and easier data updates, but may result in challenges with historical data and performance.
  3. CIAM systems, along with IAM and directory systems, normalize user data to centralize customer information, providing benefits like easy querying and centralized authentication, but also introducing challenges like session handling and updating data across systems.
2 HN points • 16 Jan 24
  1. User data migration in CIAM involves moving users from a legacy system to a new one.
  2. Options for user data migration include bulk, drip, and hybrid approaches.
  3. Reasons for migrating user data include cost, functionality, system end of life, and offloading effort.
3 HN points • 07 Aug 23
  1. Be cautious about who you trust, especially when it comes to user identity verification.
  2. Understand how identity providers verify user identity when offering single sign-on for consumer scenarios.
  3. Mitigate federation risk by carefully choosing who you trust, segmenting users and identity sources, and avoiding matching accounts on mutable attributes.
2 HN points • 04 Dec 23
  1. Trust in a community of customers can easily be lost without clear detection.
  2. For CIAM, ensuring consistent and accessible authentication processes is crucial for maintaining trust.
  3. Respecting user consents and avoiding unauthorized password resets are key in preventing trust erosion in CIAM.
2 HN points • 13 Nov 23
  1. Magic links are a convenient form of user authentication for CIAM systems.
  2. Consider where users receive messages and the deliverability of codes or links.
  3. Security concerns with magic links include the risk of attacks and the need for additional layers of authentication.
2 HN points • 06 Nov 23
  1. CIAM encompasses various protocols beyond OIDC and SAML, such as NTLM, Kerberos, LDAP, and session-based solutions.
  2. Different client applications may require different authentication protocols, highlighting the need for flexibility in CIAM solutions.
  3. Continuous evolution and adaptation of authentication technologies are crucial to address new threats and meet changing security needs.
2 HN points • 02 Oct 23
  1. Hashes are crucial for securing our online identity, from passwords to token signatures.
  2. Using hashes for storing secrets prevents access to plaintext values in the database.
  3. Cryptographic hash functions have been used for password encryption since the 1960s and remain essential in authentication systems.
2 HN points • 18 Sep 23
  1. Authentication is not just about signing in, but also about signing out and ending sessions.
  2. Proper sign-out processes are essential for security, especially when dealing with multiple applications or identity sources.
  3. The importance of sign-out varies based on the type of CIAM system you are using, whether standalone or integrating with other identity sources.
2 HN points • 11 Sep 23
  1. Step up authentication requires users to provide additional proof of identity for certain actions.
  2. Step up authentication is crucial for high-risk activities like money transfers or modifying sensitive information.
  3. The RFC outlines how resource servers can request elevated access conditions for step up authentication.
1 HN point • 18 Mar 24
  1. Passwords are still widely used due to being supported by many applications, being cost-effective, and familiar to users.
  2. Hashing passwords adds a crucial layer of security by making it harder for attackers to retrieve passwords in the event of a breach.
  3. When it comes to password hashing algorithms, it's important to stay updated on recommendations, such as NIST guidelines, and to choose wisely based on current security best practices.
1 HN point • 11 Mar 24
  1. B2C, B2B, and B2B2E applications require different approaches to customer identity and access management (CIAM) systems.
  2. B2C applications aim at end consumers, requiring smooth registration and authentication processes due to user choice.
  3. B2B and B2B2E applications cater to business and employee users, with focus on organization structures, payment collection, and different authentication needs.
2 HN points • 17 Jul 23
  1. Using multi-factor authentication (MFA) can help secure user accounts by requiring an additional proof of identity.
  2. Phishing occurs when attackers create fake sites to steal user credentials, which can be problematic with MFA.
  3. Leveraging DNS in authentication processes can provide an additional unphishable factor in account security.
1 HN point • 29 Jan 24
  1. CIAM systems help customers authenticate, while IAM systems help employees.
  2. CIAM systems typically have more users than employees.
  3. Key workflows for a CIAM system include authentication, account association, self-service registration, password management, and multi-factor authentication.
1 HN point • 02 Jan 24
  1. CIAM federation allows users to sign in with credentials from another provider like Google or GitHub.
  2. Account linking in federation is crucial to prevent multiple accounts for the same user.
  3. Benefits of federation include centralized access control and a smoother sign-up process, but tradeoffs include potential data limitations and dependence on big providers.
1 HN point • 11 Dec 23
  1. The podcast episode discusses the origin story of FusionAuth.
  2. The episode covers how FusionAuth's customers addressed authentication issues before using FusionAuth.
  3. Brian Pontarelli shares insights on passwordless adoption challenges and his predictions for CIAM industry growth.
1 HN point • 09 Oct 23
  1. WebAuthn technology allows for user authentication using public/private key cryptography.
  2. Passkeys, or WebAuthn, are becoming more widely supported by various services.
  3. Federated logins and passkeys serve different authentication needs based on user device ownership.
1 HN point • 03 Jul 23
  1. CRM and CIAM systems both focus on people interacting with an organization and provide profile information.
  2. A critical difference is that CRM records customer actions but customers do not interact with it directly, while CIAM systems face the user directly.
  3. CIAM systems focus on profile management tasks like changing passwords or updating profiles, while CRM systems focus on the customer relationship.
0 implied HN points • 05 Jun 23
  1. Choose an authentication solution that supports all login options needed by your users.
  2. Beware of extra charges for SSO integration and user management when selecting a vendor.
  3. Ensure the reliability of the authentication system to prevent software inaccessibility during downtime.
0 implied HN points • 22 May 23
  1. Browser cookie handling changes will impact federated identity in web applications.
  2. Federated identity involves one app delegating authentication to another app.
  3. Heather Flanagan is leading the effort to address upcoming changes in the Federated Identity community group.
0 implied HN points • 08 May 23
  1. Software obsolescence is a significant concern as software becomes more integrated with connected hardware.
  2. When considering building or buying CIAM solutions, don't forget to factor in obsolescence.
  3. Securing user identity in CIAM is essential, and addressing software obsolescence is a crucial part of this.
0 implied HN points • 25 Sep 23
  1. CIAM involves the intersection of security, customer experience, and analytics.
  2. Key features of CIAM include self-service, standards-based integrations, and customizability.
  3. CIAM differs from CRM systems as it focuses on enabling customers to manage their own identities and access control for various applications.
0 implied HN points • 23 Oct 23
  1. The first option is to roll your own data store for user models, but it requires maintenance, security, and updates.
  2. The second option is to use a library or framework for user models, offering benefits like community support and battle-tested software.
  3. The third option is to use a standalone identity server for user data storage, providing normalized user data across applications.
0 implied HN points • 20 Jan 25
  1. Customer Identity and Access Management (CIAM) is crucial for protecting valuable information while also providing a smooth user experience. Businesses need both security and ease of access for their users.
  2. Many challenges exist with CIAM, especially around the variety of credentials like tokens and keys. It's important to find ways to manage these different types safely and effectively.
  3. The future of CIAM looks promising with innovations that balance security and usability. There's hope for better management of roles and permissions across different systems.
0 implied HN points • 11 Nov 24
  1. Some accounts don't need strong security, so using email or phone for login is enough. It's easy for users who only want to use something once or rarely.
  2. Many people prefer quick login methods, like magic links or one-time codes, instead of complicated passwords. This reduces hassle and makes using apps simpler.
  3. Removing barriers to access can benefit both users and companies. When login is easier, users are more likely to engage with the app.
0 implied HN points • 04 Nov 24
  1. CIAM helps keep user access secure and reduces the stress on teams by managing the entire user lifecycle, from registration to access control.
  2. A major challenge for CIAM is staying compliant with global data privacy laws while ensuring a smooth user experience, especially for business-to-consumer products.
  3. The future of CIAM is promising, especially with improvements in security measures and the need for integration with various technologies for better user identity management.
0 implied HN points • 28 Oct 24
  1. NIST has new digital identity guidelines that help manage users better, including tips on authentication and user verification.
  2. The podcast highlights some key points like avoiding security questions and using multi-factor authentication.
  3. It's fun to make a podcast about your own career achievements with AI, which can give you a little boost if you're feeling down.
0 implied HN points • 17 Feb 25
  1. AI agents will need better ways to access user data, and OAuth could provide a way to do that with its scope system. It helps keep user data secure and structured.
  2. The landscape for AI agents is much more fragmented than social platforms. Many smaller companies don't have the systems in place for OAuth, which makes it harder for widespread adoption.
  3. There might be a mix of solutions where big companies lead with better APIs for agents, while smaller ones could use more casual methods to let agents access information, making it tricky for users to manage their data rights.
0 implied HN points • 03 Jul 21
  1. The post discusses Customer Identity and Access Management (CIAM) news and analysis.
  2. Dan Moore is the head of developer relations for FusionAuth and has over 20 years of experience in software development.
  3. Readers are encouraged to sign up for CIAM Weekly to receive the first issue and to share it with friends.