Do not allow Credential Theft

Although cyber attacks have evolved in their targeting methods and external appearances, they often exploit a familiar set of organizational vulnerabilities. Today has been a tough day for some identity providers. Unfortunately, such breaches have an impact on everyone!


Given all the recent high-profile attacks and the current political situation, we take the opportunity to talk about where we see security heading and how our system works.


Adding more credentials like one-time passcodes and magic links just gives the hackers more stuff they need to steal but doesn’t solve the issue. Password managers/SSOs make it easier for users, but put all your credentials in one place so one single hack can give access to everything.


The conclusion is that it is of utmost importance that credentials that can be stolen be eliminated. It is very easy to achieve this!


Credentials must remain local. As soon as they are in transit, they become phishable and can be stolen, whether that is a code sent via SMS or a password known by both the user and the database of the app you are logging in to.


Credentials are “secrets” that are shared. The key to eliminating theft is to eliminate shared secrets. This includes passwords, one-time codes, and push notifications for logging in.


CodeB does not lock down credentials or put walls around them or add more layers of security. CodeB simply removes the key to the front door, making it so there is nothing for a hacker to steal that would give them access to your apps and data!


With CodeB your credentials never leave your perimeter – they remain local.


Source: https://blog.codeb.io/do-not-allow-credential-theft/
