Posts by Claire Hunsaker

Reputation.com Loses User Passwords, Emails, and Addresses

…or How To Report Password Attacks. Reputation.com just reported a security breach to users, with the email below. There are some great takeaways here for reporting breaches to your users: Be specific and explicit about what data is compromised – I think the bullet point list is great. More companies should be this straightforward. Get on …

How We Increased New User Registration 27%

When we launched Alpha testing for Stormpath last year, there was a worthy debate about what would be the best signup flow. We wanted to ensure potential attackers wouldn’t be able to create dummy accounts and that we would be able to contact users reliably, but we also wanted an easy user experience. Signup workflows …

Stormpath Launches Enhanced API

Last week, amid the hoopla of our fundraising announcement, we ended Private Beta and released major enhancements to the API. Many of these came from user feedback. In the coming months, we will be building out the SDKs and sample apps to make it easier to connect to the Stormpath API. Of course, there are …

Stormpath Named One of CSO Online’s Best Security Tools

CSO Online recently asked information and network security pros to name the best free software tools. Guess who made the list! Didn’t know we have a free edition?

Password Breach? That’ll Be $172,000,000 Please

UK authorities have just slapped Sony PlayStation with a $400,000 fine for their massive password breach in 2011. That $400k is nothing compared to the total cost. Sony reported an estimated outlay of $171M for insurance, customer support, and rebuilding their user management and security systems. Since the breach, partially due to a drop in customer …

CAS 3.5 Integration with Stormpath

The team over at Unicon recently released a CAS AddOns Project, which handily includes integration with Stormpath as a primary authentication source for CAS servers. We have had a ton of requests from the Higher Ed IT community and our friends in DevOps for a Stormpath CAS integration. It’s fantastic to see a solution rise

More Partridges in the Pear Tree

Welcome to our newest teammates! Recruiting is in full swing here at the Death Star – Kelsey, Keli, Jose and Brent recently joined Team Stormpath. (Jose could not make the photo session, but found a very enthusiastic stand-in) Know a great Java Engineer, DevOps Lead or UI Master? We have a big referral bonus for …

Password Security The Right Way

Password security – not the most exciting part of your app. Because it’s complicated to build well, time-consuming to maintain securely, and because attacks are escalating through cloud technologies, even big companies like Sony and LinkedIn take shortcuts that lead to major security breaches. However, this is incredibly foolhardy: the average cost of a data …

Beautiful REST + JSON APIs with JAX-RS and Jersey

Designing and building a really clean and intuitive REST API is no small feat. You have to worry about resources, collections of resources, pagination, query parameters, references to other resources, which HTTP methods to use, HTTP caching, security, and more. And you have to make sure it lasts and doesn’t break clients as you add …

Five Steps to Password Security – Developer Best Practices Video

We see a lot of common mistakes in password security, from storing plaintext passwords (IEEE) to not salting user passwords (LinkedIn) to using insufficient hashing algorithms like SHA-1. In this video, Les covers the five levels of password security, starting with basic best practices for developers, like password hashing and salts, digest authentication and preferred …