News + Updates

identity security

Verified ID Experience: Part 1

Verifiable Credentials seeks to eliminate the need to store your passwords and sensitive data on someone else's server. Instead, you would store a credential that lives on your device. So, instead of the identity provider being the source of truth for "are you who you say you are", you and your device are. The spec also allows for a couple of interesting privacy-preserving features. Say you have a student ID card that has your full name and ID number - By Matt Takemoto

Continue Reading

Using social identity providers to log into other websites, a first-person narrative

Matt Takemoto, our newest software engineer at WhoIAM describes how he revisited a Spotify account breach he experienced in the past after he started working at an identity/security company.

Continue Reading

Hashed Password Migration in Azure AD B2C

Migrating from an older identity and access management solution often requires some careful thought on how to port over hashed and salted passwords into your new IAM system. In this post, we will discuss how to deal with migrating hashed passwords from your current identity provider into Azure AD B2C

Continue Reading

How to Recognize and Prevent Credential Stuffing Attacks on Azure AD B2C

As a company implementing an IAM solution, it is essential to have a plan for mitigating hard-to-discover attacks like credential stuffing. Keep in mind that while you must enforce security measures, there’s careful consideration that needs to go into providing a highly secure authentication mechanism, while ensuring that the friction of logging into your app does not result in customers just dropping off and not completing a registration or sign-in.

Continue Reading
Page 1 of 1

Get in touch with us

We’d love to hear from you. Drop us a line if you’d like to discuss our work or would like to schedule a product demo.