Verifiable Credentials seeks to eliminate the need to store your passwords and sensitive data on someone else's server. Instead, you would store a credential that lives on your device. So, instead of the identity provider being the source of truth for "are you who you say you are", you and your device are. The spec also allows for a couple of interesting privacy-preserving features. Say you have a student ID card that has your full name and ID number
By Matt Takemoto
Matt Takemoto, our newest software engineer at WhoIAM, describes how he revisited a Spotify account breach he experienced in the past after he started working at an identity/security company.
Migrating from an older identity and access management solution often requires some careful thought on how to port over hashed and salted passwords into your new IAM system. In this post, we will discuss how to deal with migrating hashed passwords from your current identity provider into Azure AD B2C.
As a company implementing an IAM solution, it is essential to have a plan for mitigating hard-to-discover attacks like credential stuffing. Keep in mind that while you must enforce security measures, there’s careful consideration that needs to go into providing a highly secure authentication mechanism, while ensuring that the friction of logging into your app does not result in customers just dropping off and not completing a registration or sign-in.