Taking Security to the Next Level


Far too frequently I read articles about a website breach in which a mind-numbing number of accounts and passwords have been stolen. Many large companies that have fallen victim to these attacks were using very poor data storage techniques and, as a result, put their users' information at risk. For instance, LinkedIn has had 164,611,595 accounts leaked, according to the website Have I Been Pwned, and MySpace a staggering 359,420,698.

Has your information been compromised? You can visit Have I Been Pwned to check whether your username or email address appears in any of the 120 hacked websites it tracks, which together make up a collection of over 1.3 billion leaked passwords.

Increasing Security through Enhanced Password Parameters

To avoid a breach and account theft, it is important to take certain steps to properly store data. The first step is to take a random but fixed string of characters, called a salt, and add it to the start of the password. The second step is to pass the result through multiple iterations of a secure hash algorithm (SHA) such as SHA-256. This makes it extremely difficult for someone to recover the password from the hash (strictly speaking a hash cannot be reversed, but without a salt an attacker can use a rainbow table, a precomputed lookup of hashes for common passwords, to find the password that produced a given hash).
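The two steps above, salt first and then repeated SHA-256, written out as an added example (not code from the original post or from eOriginal). The iteration count, salt length and the `iterations$salt$hash` record layout are assumptions chosen for illustration; a dedicated password hash such as PBKDF2, bcrypt, scrypt or Argon2 is the usual production choice, and the block also shows, with a constructed sample list, why a salted hash is not found by a precomputed table of unsalted hashes:

```python
import hashlib
import hmac
import os

# Assumed parameters for this example.
ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Prepend the salt to the password, then run SHA-256 repeatedly.

    The salt is mixed back in on every round so the whole chain, not only
    the first step, depends on it.
    """
    digest = salt + password.encode("utf-8")
    for _ in range(iterations):
        digest = hashlib.sha256(salt + digest).digest()
    return digest


def make_record(password: str) -> str:
    """Build the string stored for a new account: iterations$salt$hash."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt for every account
    digest = hash_password(password, salt)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    iterations, salt_hex, digest_hex = record.split("$")
    candidate = hash_password(password, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def rainbow_table(common_passwords) -> dict:
    """Precomputed table of unsalted SHA-256 hashes, built here from a
    constructed sample list to show what the salt protects against."""
    return {hashlib.sha256(p.encode()).hexdigest(): p for p in common_passwords}


def lookup_unsalted(password: str, table: dict):
    """An unsalted hash of a common password is found in the table at once."""
    return table.get(hashlib.sha256(password.encode()).hexdigest())


def lookup_salted(password: str, table: dict):
    """The salted hash of the same password does not appear in the table."""
    digest = hash_password(password, os.urandom(SALT_BYTES), 1)
    return table.get(digest.hex())


if __name__ == "__main__":
    record = make_record("correct horse battery")
    print(record)
    print(verify_password("correct horse battery", record))   # True
    table = rainbow_table(["123456", "password", "qwerty"])
    print(lookup_unsalted("password", table))                  # password
    print(lookup_salted("password", table))                    # None
```

`hmac.compare_digest` is used for the final comparison so that a mismatch is not revealed through timing differences, and the stored record carries its own iteration count so the cost can be raised later without breaking existing accounts.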

First and foremost, don’t re-use passwords across accounts. Use a minimum password length of 12-14 characters and change them regularly. There are great tools like password managers to help as well.

Taking Security to the Next Level

eOriginal offers a wide range of options to enforce the creation of secure passwords. These options include:

  • Password complexity options (e.g. passwords must contain a certain number of letters, numbers, special characters, etc.)
  • Company administrators can set a maximum number of incorrect login attempts before an account is locked
  • How frequently passwords must be reset, and how many previous passwords are remembered so they cannot be reused

Beyond these, we have added several additional layers of account security options:

  • Concurrent Session Warning – This option will alert you if more than one user attempts to log into an account at the same time.
  • Authorized IP Addresses – This option ensures that users can only log in from a specific IP address or from your company's IP address range.
  • SAML Single Sign-On – SAML is a technology that allows users to log into one site and have that login shared across different sites. Many large organizations use SAML options so they can manage their own user accounts and passwords and authenticate their own users.
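How three of the options above fit together in one login check, as an added example that is not eOriginal's code: the administrator's limit on failed attempts, an allowlist of company address ranges (including IPv6, which the post does not mention), and the concurrent-session warning. The `LoginPolicy` fields, the default of five attempts and the result strings are all assumptions made for this example:

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class LoginPolicy:
    """Account-security settings of the kind listed above (assumed defaults)."""
    max_failed_attempts: int = 5
    allowed_networks: list = field(default_factory=list)  # CIDR strings; empty = any


class AccountGuard:
    def __init__(self, policy: LoginPolicy):
        self.policy = policy
        self.networks = [ipaddress.ip_network(n, strict=False) for n in policy.allowed_networks]
        self.failed = {}     # user -> consecutive failed attempts
        self.locked = set()  # users locked after reaching the administrator's limit
        self.sessions = {}   # user -> id of the session currently signed in

    def ip_allowed(self, ip: str) -> bool:
        """Authorized IP Addresses: accept only addresses inside an allowed range."""
        if not self.networks:
            return True
        addr = ipaddress.ip_address(ip)
        # A v4 address is never "in" a v6 network and vice versa, so mixed lists are safe.
        return any(addr in net for net in self.networks)

    def attempt_login(self, user: str, ip: str, password_ok: bool, session_id: str) -> str:
        """Apply the policy in order: lockout, source address, password, sessions."""
        if user in self.locked:
            return "locked"
        if not self.ip_allowed(ip):
            return "ip_denied"
        if not password_ok:
            self.failed[user] = self.failed.get(user, 0) + 1
            if self.failed[user] >= self.policy.max_failed_attempts:
                self.locked.add(user)
                return "locked"
            return "bad_password"
        self.failed[user] = 0  # a good login resets the counter
        # Concurrent Session Warning: another session is already signed in as this user.
        concurrent = user in self.sessions and self.sessions[user] != session_id
        self.sessions[user] = session_id
        return "ok_concurrent_warning" if concurrent else "ok"

    def logout(self, user: str) -> None:
        self.sessions.pop(user, None)


if __name__ == "__main__":
    # Constructed sample policy using documentation address ranges.
    guard = AccountGuard(LoginPolicy(max_failed_attempts=3, allowed_networks=["203.0.113.0/24"]))
    print(guard.attempt_login("alice", "198.51.100.7", True, "s1"))    # ip_denied
    print(guard.attempt_login("alice", "203.0.113.10", True, "s1"))    # ok
    print(guard.attempt_login("alice", "203.0.113.10", True, "s2"))    # ok_concurrent_warning
```

The source-address check runs before the password is examined, so attempts from outside the allowed ranges neither consume failed-attempt budget nor reveal whether the password was right.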

And just when you thought ‘Wow, eOriginal is really on top of security’, we went one step further. Because of the 1.3 billion leaked passwords there is a lot of good data about how bad people are at creating and managing passwords. Keeping this in mind, we took the list of the 100,000 most common passwords and added an option into our system to prevent them from being used. Once this option is set, eOriginal not only keeps your users from using one of these 100,000 top passwords, but our security settings also prevent the basic replacements typically used, such as a=@, e=3, l=! and so on. This will (for better or worse) make your users choose different (and hopefully more secure) passwords.
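A way to implement that check, as an added example rather than eOriginal's own code: every candidate password is expanded into the spellings obtained by undoing common character swaps and each spelling is looked up in the blocklist. The substitution table goes beyond the three swaps named above (it also tries 0=o, $=s, 4=a, 5=s, 7=t, and reads 1 and ! as either l or i) and the example additionally strips trailing digits and punctuation so that padding a blocked word does not get it through; the six-entry blocklist is a constructed sample standing in for the 100,000-entry list, and `MAX_VARIANTS` is an assumed bound on the expansion:

```python
import itertools
import re

# Constructed sample; a deployment loads the real top-100,000 list here.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "iloveyou"}

# Each symbol maps to every letter it is commonly used to stand for, so "1"
# and "!" are tried as both "l" and "i".
SUBSTITUTIONS = {
    "@": "a", "4": "a", "3": "e", "0": "o", "$": "s", "5": "s",
    "7": "t", "!": "li", "1": "li", "|": "li",
}
MAX_VARIANTS = 1024  # assumed cap on the combinatorial expansion


def variants(candidate: str):
    """Yield the lower-cased candidate and every spelling reachable by undoing
    one or more substitutions, up to MAX_VARIANTS."""
    lowered = candidate.lower()
    options = [[ch] + list(SUBSTITUTIONS.get(ch, "")) for ch in lowered]
    for combo in itertools.islice(itertools.product(*options), MAX_VARIANTS):
        yield "".join(combo)


def is_blocked(candidate: str, blocklist=COMMON_PASSWORDS) -> bool:
    """True if the candidate, or any de-substituted form of it, is on the list."""
    for variant in variants(candidate):
        if variant in blocklist:
            return True
        # Also reject blocked words padded with digits or punctuation ("password1!").
        stripped = re.sub(r"[\d\W_]+$", "", variant)
        if stripped in blocklist:
            return True
    return False


if __name__ == "__main__":
    for pw in ["P@ssw0rd", "l3tm3!n", "Password123", "correct-horse-battery"]:
        print(f"{pw!r}: {'blocked' if is_blocked(pw) else 'allowed'}")
```

The expansion is bounded because a long password made mostly of digits and symbols would otherwise produce millions of variants; a real list lookup would normally be a set membership test on a hashed or sorted list rather than a Python set in memory.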

We also added an additional option called browser fingerprinting. This is a technique that online advertising companies have been using to track users across different websites. Browser fingerprinting gathers all available information about your browser, from basic items such as operating system, browser type, installed plugins and time zone up to more complex signals such as canvas fingerprinting.

The data captured gives eOriginal a good idea of who you are before you even log in. When browser fingerprinting is enabled, we check whether you have logged in from that exact browser before; if so, we let you log in. If not, we send an email to the account holder containing a random token. Once the token is entered, access is granted and the browser is recorded as trusted. This is a great way to ensure that only you are logging into your account, and also a way to get notified if anyone tries to access your account from a different device or country.
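The trusted-browser flow just described, as an added example that is not eOriginal's implementation: the collected attributes are hashed into a fingerprint, a known fingerprint is allowed straight through, an unknown one triggers a random token that the caller e-mails to the account holder, and a correct token marks that browser as trusted. The attribute names, the ten-minute token lifetime and the in-memory storage are assumptions for this example; the page does not describe how the token is generated or how long it lives:

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 600  # assumed lifetime of a mailed token


def fingerprint(attrs: dict) -> str:
    """Reduce the collected browser attributes to one stable identifier.

    Keys are sorted so the same browser yields the same hash regardless of
    the order in which the attributes were collected.
    """
    canonical = "\n".join(f"{key}={attrs[key]}" for key in sorted(attrs))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def _token_hash(token: str) -> str:
    """Only a hash of the token is stored, so a leaked table does not leak tokens."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class TrustedBrowsers:
    def __init__(self, now=time.time):
        self.now = now      # injectable clock so expiry can be tested
        self.trusted = {}   # user -> set of trusted fingerprints
        self.pending = {}   # (user, fingerprint) -> (hashed token, expiry time)

    def begin_login(self, user: str, attrs: dict):
        """Called after the password check: allow a known browser, otherwise
        issue a token for the caller to e-mail to the account holder."""
        fp = fingerprint(attrs)
        if fp in self.trusted.get(user, set()):
            return "allow", None
        token = secrets.token_urlsafe(16)
        self.pending[(user, fp)] = (_token_hash(token), self.now() + TOKEN_TTL_SECONDS)
        return "verify", token

    def confirm(self, user: str, attrs: dict, token: str) -> bool:
        """Check the mailed token; on success record this browser as trusted."""
        key = (user, fingerprint(attrs))
        entry = self.pending.get(key)
        if entry is None:
            return False
        expected_hash, expiry = entry
        if self.now() > expiry:
            del self.pending[key]
            return False
        if not hmac.compare_digest(expected_hash, _token_hash(token)):
            return False
        del self.pending[key]
        self.trusted.setdefault(user, set()).add(key[1])
        return True


if __name__ == "__main__":
    # Constructed sample of collected attributes.
    browser = {"os": "Linux", "browser": "Example/1.0", "plugins": "pdf", "tz": "UTC", "canvas": "c0ffee"}
    store = TrustedBrowsers()
    status, token = store.begin_login("alice", browser)
    print(status)                                   # verify
    print(store.confirm("alice", browser, token))   # True
    print(store.begin_login("alice", browser))      # ('allow', None)
```

Because the pending entry is keyed by user and fingerprint, a token mailed for one browser cannot be used to trust a different one, and a single attribute change (a new time zone in the test below) is enough to require a fresh token.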

As you can see, eOriginal takes the security of our system very seriously, but we also work very hard to ensure your users take the security of their accounts seriously as well. For more information about these features please contact customer support or your eOriginal account manager.


This entry was posted in Best practices, Security, Technology, Uncategorized.