Background
Who I am
I'm a System Engineer and IAM (Identity & Access Management) Engineer. My work centers on designing and hardening infrastructure, identity systems, and access controls so that the right people and systems get the right access — and nothing more.
On the backend, I spend most of my time in Entra ID, Okta, AWS IAM, and custom IdP integrations — writing policies, auditing access, and building zero trust frameworks that actually hold up under pressure. I automate everything with Terraform, Python, and PowerShell because manual processes don't scale and they breed drift.
On iOS, I build tools like Autheris — a secure 2FA token manager that lives entirely on-device. The goal is to take the same security principles I apply to cloud infrastructure and make them practical in the palm of your hand. This site is where I showcase those projects and point to their dedicated pages. When I'm not building, I write about IAM hardening, authentication patterns, and threat intelligence on the blog.
Latest
Recent posts
Security research, technical deep-dives, and threat intelligence.
Meta's AI Support Bot Got Tricked Into Resetting Passwords
Meta's AI support assistant spent the weekend resetting passwords for attackers who asked nicely. The Obama White House Instagram, the U.S. Space Force's social media - both defaced through AI social engineering. The only accounts protected were the ones with MFA.
Vibe Coding Security: Enterprise Defense Against Shadow Builder Exposures [2026]
2,000+ publicly accessible vibe-coded applications holding sensitive corporate data. Shadow Builders are bypassing every security control you've built. This is the enterprise defense playbook for a problem most organizations haven't acknowledged exists yet.
OpenAI Codex Tokens Stolen via npm Package with 29K Weekly Downloads
A 29K weekly-download npm package has been silently stealing OpenAI Codex authentication tokens for a month. The malicious code is only in the npm build—GitHub looks clean. Refresh tokens don't expire; stolen once, valid forever.