Zalt Blog

Engineering insights, security best practices, and product updates from the Zalt team.

SecurityFeatured

Why We Disabled SMS MFA by Default

SS7 vulnerabilities make SMS-based authentication a security risk. Here's why Zalt takes a different approach and what you should use instead.

Security TeamFeb 1, 20268 min read
Product

Introducing AI-Powered Risk Scoring

Our new Bedrock-powered risk engine analyzes login patterns in real-time to detect credential stuffing and account takeover attempts.

Jan 28, 20266 min
Engineering

Building HIPAA-Compliant Authentication

How we designed Zalt to meet healthcare compliance requirements from day one, including audit logging, encryption, and access controls.

Jan 25, 202612 min
Product

MCP Server: Authentication for AI Agents

Introducing our Model Context Protocol server that lets AI agents authenticate users and manage sessions programmatically.

Jan 20, 20267 min
Tutorial

The Complete Guide to WebAuthn and Passkeys

Everything you need to know about implementing phishing-proof authentication with WebAuthn and passkeys in your application.

Jan 15, 202615 min
Company

Case Study: Clinisyn's Migration to Zalt

How Clinisyn migrated 4,000 psychologists across 11 countries to Zalt in under a week, with zero downtime.

Jan 10, 20265 min
Tutorial

Session Tasks: Implementing Step-Up Authentication

Learn how to use Zalt's session tasks feature to require additional verification for sensitive operations.

Jan 5, 202610 min
Engineering

Device Fingerprinting: How We Detect Suspicious Logins

A deep dive into our device fingerprinting system and how 70% fuzzy matching helps detect account takeover attempts.

Dec 28, 20259 min
Security

Why We Use Argon2id for Password Hashing

The technical reasons behind our choice of Argon2id with 32MB memory cost for password hashing.

Dec 20, 20258 min