Blog
Notes from the vault.
Writing on zero-knowledge authentication, security engineering, and building an auth platform in the open. Everything here is held to the same honesty rules as our docs.

Cryptography / July 5, 2026
Authentication that never sees the password
How ZKAuth verifies a login with a zero-knowledge proof instead of a password, and what that changes about the worst day of running an auth service.
Read the post
Product / July 5, 2026
Hosted auth with hard edges
Why ZKAuth hosted pages are intentionally constrained: exact callbacks, bounded branding, and no arbitrary code in the authentication surface.
5 min read
Security / July 5, 2026
API keys are environment slots, not identities
How ZKAuth treats live and test project keys, why they are server-only, and why pricing now calls them key slots instead of pretending they are users.
4 min read
Engineering / July 5, 2026
Fail closed: what auth should do when its own infrastructure breaks
When Redis goes down, most systems shrug and keep serving. In an authentication engine, that shrug is the vulnerability.
5 min read
Company / July 5, 2026
Security products should speak in boundaries
Why ZKAuth treats unsupported capability, partial capability, and shipped capability as different promises.
4 min read