Category: General

Reputation.com Loses User Passwords, Emails, and Addresses

…or How To Report Password Attacks. Reputation.com just reported a security breach to users, with the email below. There are some great takeaways here for reporting breaches to your users: Be specific and explicit about what data is compromised – I think the bullet point list is great. More companies should be this straightforward. Get on …

To PUT or POST?

Update 5/12/2016: Watch Stormpath CTO Les Hazlewood’s presentation on REST + JSON API design best practices. And don’t forget, Stormpath now secures authentication to your API – without code! Create, Update and HTTP Idempotence. For developers building REST-based APIs, there is a great deal of misinformation and some understandable confusion about when to use HTTP PUT and …

How We Increased New User Registration 27%

When we launched Alpha testing for Stormpath last year, there was a worthy debate about what would be the best signup flow. We wanted to ensure potential attackers wouldn’t be able to create dummy accounts and that we would be able to contact users reliably, but we also wanted an easy user experience. Signup workflows …

Long Live The Password

Last year Microsoft Research posted a great paper[1] on passwords in an attempt to answer the question, “After 40 years of security research, why is the password still dominant?” Surprisingly, most security people haven’t read it. Not hard to guess why—it’s a dense 15-page academic paper titled “The Quest to Replace Passwords: A Framework for …

Stormpath Rising

Today we announced $8.2M in Series A financing. It’s a big achievement for our team and a huge commitment to our vision and customers. Most importantly, it’s fuel: fuel to recruit the best people, fuel to build a revolutionary security product, and fuel to empower thousands of developers with the Stormpath API. What Is Stormpath? …

Stormpath Named One of CSO Online’s Best Security Tools

CSO Online recently asked information and network security pros to name the best free software tools. Guess who made the list! Didn’t know we have a free edition?

Password Breach? That’ll Be $172,000,000 Please

UK authorities have just slapped Sony PlayStation with a $400,000 fine for their massive password breach in 2011. That $400k is nothing compared to the total cost. Sony reported an estimated outlay of $171M for insurance, customer support, and rebuilding their user management and security systems. Since the breach, partially due to a drop in customer …

CAS 3.5 Integration with Stormpath

The team over at Unicon recently released a CAS AddOns Project, which handily includes integration with Stormpath as a primary authentication source for CAS servers. We have had a ton of requests from the Higher Ed IT community and our friends in DevOps for a Stormpath CAS integration. It’s fantastic to see a solution rise

More Partridges in the Pear Tree

Welcome to our newest teammates! Recruiting is in full swing here at the Death Star – Kelsey, Keli, Jose and Brent recently joined Team Stormpath. (Jose could not make the photo session, but found a very enthusiastic stand-in) Know a great Java Engineer, DevOps Lead or UI Master? We have a big referral bonus for …

Password Security The Right Way

Password security – not the most exciting part of your app. Because it’s complicated to build well, time-consuming to maintain securely, and because attacks are escalating through cloud technologies, even big companies like Sony and LinkedIn take shortcuts that lead to major security breaches. However, this is incredibly foolhardy: the average cost of a data …