Why you should get rid of home-grown password systems immediately

Anup Marwadi | Identity

We’ve all seen it happen – Credit Unions, Banks, Retail stores have all been hacked. You don’t want to be on that list.

While Application Security is a complicated issue and deserves a playbook of its own, software development companies and developers alike should take the first step toward it, and that step is getting RID of home-grown password systems.

Companies like Okta and Auth0 have been offering managed identity solutions for quite a few years now, and they have some amazing features that are appealing to Enterprises.

But what if you have hundreds of thousands of MAUs (monthly active users)? The price points with Okta and Auth0 climb up very quickly.

What if you have Federation and SSO (Single Sign-On) needs with Enterprises? The prices go up even higher.

How about MFA? Or custom User Journeys? Things get extremely complex. Simple scenarios become difficult to navigate and you end up paying big bucks for things that you expected to work out of the box.

What if you’re a Startup working with consumers i.e. B2C? Costs climb up higher and higher.

You get the idea…

COST is the primary FACTOR that keeps developers sticking to home-grown password systems.

And that’s where Microsoft comes in.

Wait what?

Yes, I’m talking about Microsoft’s Azure Active Directory B2C. A terrible name, but a wonderful product that promises to solve all your problems, if you have the time and the patience to understand it; and that’s where we at HyperTrends come in. We have figured out the entire playbook to get large Enterprises up and running on Microsoft AAD B2C in a relatively short amount of time without making any compromises at all.

Here are some scenarios:

  • MFA (Multi-Factor Authentication) via Phone, Email or Authenticators (such as Google, Microsoft etc.)
  • One-Time Passwords for magic-link, password-less access
  • Invitation-based Access
  • Role-Based Access
  • API Based Account Management
  • TOU (Terms of Use) Scenarios
  • Rotate-Password-Every-X-Days Policies
  • Bulk Updates
  • Home Realm Discovery (useful for SSO scenarios to redirect Users to different login screens based on domains)
  • End-to-End UI Customization
  • Custom API integration
  • Custom Data Collection
  • Custom Claims Management
  • Account Linking
  • Social Sign Ups
  • Disable Inactive Accounts
  • Impersonation
  • Service Consent
  • Progressive Profile Building
  • SignUp/Sign In w/ Phone Numbers only
  • Username Discovery

And many others…

Microsoft lives up to its promise of offering a robust, standards-oriented, highly customizable identity platform that scales with you as you grow, without the need to spend big bucks.

It also lives up to its promise of being able to customize every pixel of the User-Interface and every step of the User’s journey through various authentication flows.

Yes, it is complex to work with “Custom Policies”, but believe you me, the power of this framework CANNOT be overstated.

After utilizing this product for some seriously sophisticated scenarios for Enterprises and Startups alike, we can confirm that it lives up to its reputation of being a robust offering unlike any other.

Risk Detection Scenarios

AAD B2C ships with a risk detection framework that can help you with a wide variety of scenarios:

  • Atypical Travel – picks up logins from different geo-locations and raises suspicion based on the distance between them.
  • Anonymous IP – detects IP addresses from Tor or VPN networks and identifies actors trying to hide their actual location.
  • Malware-Linked IP – detects IP addresses associated with bot networks.
  • Unfamiliar Sign-In Properties – sign-ins with properties not seen recently for a specific user.
  • Admin-confirmed User Compromise – admins can label data in specific ways to identify compromised users.
  • Password Spray Detection – analysis of brute-force password attacks spread across multiple usernames.
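To make two of these signals concrete, here is an added example (not code from the original post, and not how Microsoft implements its detections) that evaluates a minimal atypical-travel rule and a minimal password-spray rule over constructed sign-in events; the `SignIn` record, the 900 km/h speed threshold and the 30-minute / 5-user spray window are assumptions chosen for illustration.

```python
from collections import namedtuple
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

# One sign-in attempt with its geo-resolved source (latitude/longitude in degrees).
SignIn = namedtuple("SignIn", "user ip lat lon at success")

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km (Earth radius 6371 km)."""
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371 * asin(sqrt(a))

def atypical_travel(events, max_kmh=900.0):
    """Users whose consecutive successful sign-ins imply travel faster than max_kmh."""
    flagged, last = set(), {}
    for e in sorted(events, key=lambda e: e.at):
        if not e.success:
            continue
        prev = last.get(e.user)
        if prev is not None:
            hours = (e.at - prev.at).total_seconds() / 3600
            # distance > speed * time also catches two places at the same instant (hours == 0)
            if haversine_km(prev.lat, prev.lon, e.lat, e.lon) > max_kmh * hours:
                flagged.add(e.user)
        last[e.user] = e
    return flagged

def password_spray(events, window=timedelta(minutes=30), min_users=5):
    """Source IPs whose failures hit at least min_users distinct usernames inside one window."""
    by_ip = {}
    for e in sorted(events, key=lambda e: e.at):
        if not e.success:
            by_ip.setdefault(e.ip, []).append(e)
    flagged = set()
    for ip, fails in by_ip.items():
        for i, start in enumerate(fails):
            if len({f.user for f in fails[i:] if f.at - start.at <= window}) >= min_users:
                flagged.add(ip)
                break
    return flagged

# Constructed sample events (not real telemetry): alice "moves" Seattle -> London in one hour,
# bob drives Seattle -> Portland in three, and one IP fails against six usernames in six minutes.
T = datetime(2024, 1, 1, 9, 0)
EVENTS = [
    SignIn("alice", "192.0.2.10", 47.6, -122.3, T, True),
    SignIn("alice", "192.0.2.11", 51.5, -0.1, T + timedelta(hours=1), True),
    SignIn("bob", "192.0.2.12", 47.6, -122.3, T, True),
    SignIn("bob", "192.0.2.13", 45.5, -122.7, T + timedelta(hours=3), True),
] + [SignIn(f"user{i}", "203.0.113.9", 40.7, -74.0, T + timedelta(minutes=i), False) for i in range(6)]
```

Running `atypical_travel(EVENTS)` flags only alice and `password_spray(EVENTS)` flags only the spraying IP; a real platform adds many more signals (device, ISP, reputation), which is the point of buying rather than building.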

Integration w/ 3rd Party Providers

In addition to the above, you can easily integrate with 3rd-party providers to enhance security. Providers such as Experian, LexisNexis, Onfido and Arkose offer robust services such as facial biometric validation, profiling, identity validation and fraud detection, among many others, that take this offering to a whole new level out of the box.

So there we go!

Let’s connect if you’re interested in building World-Class, Industry-Standards-Compliant Identity solutions without paying a hefty price tag.

Our proven expertise with Identity solutions will help you navigate this journey and potentially save you thousands of dollars each year and still give you a WORLD-CLASS IDENTITY MANAGEMENT offering.