2FA

A password and login combination is still the most common security factor, but these credentials leave users vulnerable to account takeover attacks as they are easy to hack. With 2FA, a second security factor is added to the first, ensuring that even if a password is compromised, users’ accounts remain protected.

What is Credential Stuffing?

Malware often gets top billing in mainstream news reporting of cyber-threats. It makes for snappy headlines and a compelling narrative—but it’s not the whole story. Increasingly, organizations are finding customers exposed to malware-free account takeover attacks, which could result in serious data theft. There are several ways hackers can…

Phone numbers as identifiers: The problem with SMS-based authentication

I recently heard about a Facebook user who encountered a very concerning login experience. After entering a password recovery code he had received via SMS, the user was accidentally logged into someone else's Facebook account. The phone number the user had used to receive the SMS was actually a recycled number that previously belonged to someone…

The Ultimate Authentication Playbook

With the rise of credential stuffing and similar attack methods, simple username and password authentication is not enough to deter bad actors. According to the Verizon Data Breach Investigations Report, there were over 55,000 security incidents and 2,200 confirmed data breaches in 2018, with a whopping 81% of those incidents being tied to…

The Battle Between Build vs. Buy

Every development team must decide which components to build in-house and which to offload to a 3rd party vendor. This decision is often difficult and hotly debated. After all, most developers chose this career in order to build cool things! Choosing to relinquish that control to buy a solution can seem contrary to their raison d’etre. But…

What is Multi-factor, or Two-factor Authentication?

Passwords aren’t good enough. Securing your enterprise can seem like a daunting task. In the past, companies were comfortable with the standard username- and password-based authentication to all apps and services, with no additional methods of authentication or authorization. Access to corporate resources was protected by firewalls and VPNs. Here…

Update from Okta - Heartbleed

You’ve likely read about the Heartbleed vulnerability that has affected much of the Internet. The short version: Heartbleed is a bug that affects the way online services encrypt connections between their service and their users, and if not corrected can lead to sensitive information being revealed. Most services and sites on the Internet use…
