{"componentChunkName":"component---src-templates-blog-list-template-js","path":"/142","result":{"data":{"allMarkdownRemark":{"edges":[{"node":{"excerpt":"The customer identity space is in a dynamic phase, with lots of activity around mergers and acquisitions (M&A) and investment. One notable…","fields":{"slug":"/identity/looking-gigya-alternative-try-loginradius-superior-modern-identity-platform/"},"html":"

The customer identity space is in a dynamic phase, with lots of activity around mergers and acquisitions (M&A) and investment.

\n

One notable event was the SAP acquisition of Gigya in late 2017.

\n

Now that a year has gone by, existing Gigya contracts are ending. Engineers are probably thinking that everything’s fine and that not much has changed with their customer identity solution.

\n

But as a leader, you should be worried. The Gigya technology may not have changed (yet) but the company that delivers it has changed significantly. Now is the time to start looking for the best Gigya alternatives.

\n

Acquisitions Create Problems for Customers

\n

M&A can be exciting for everyone associated with the acquired company. However, in some cases an acquisition can be damaging for customers, partners, and employees, depending on who the acquirer is.

\n

One such case is when the acquirer is significantly larger than the acquired company and they do not let the acquired company operate independently. The differences in size and power create culture clash, which is one of the top reasons that mergers fail.

\n

Culture clash then leads to staff turnover, which can be up to three times higher than in non-acquired companies.

\n

When employees and partners leave an acquired company, customers are the most hurt group among the three. Customers have to move quickly to find an alternative provider, and it also impacts resource allocation, service quality, and all of their future plans.

\n

This is the tough situation where Gigya customers now find themselves.

\n

Why Are Companies Looking for Other Solutions Like Gigya (SAP)?

\n

In the past twelve months, many customers have done their research on Gigya competitors and migrated away from Gigya to LoginRadius. We’ve heard from them about why they switched, and I wanted to share their feedback.

\n

“SAP is not a personality fit. It’s big, old, and slow.”

\n

Gigya no longer has its young, fast-moving culture from pre-acquisition days. It’s now part of a long-standing and enormous organization at SAP, which means a slower pace of technological innovation.

\n

SAP has 95,000 employees and Gigya had 500, which makes SAP 190 times larger. It’s not hard to guess which culture is going to win out.

\n

If your company chose Gigya because their agility and cutting-edge creativity were a great match for your corporate personality, there’s now a big disconnect.

\n

“Our contacts and partners are no longer there.”

\n

Customers aren’t the only ones who don’t want to make the leap to a different culture. Employees are even more affected by the organizational change, and a lot of them leave rather than try to adapt.

\n

Many of the people who took care of Gigya’s customers are gone by now. If you’re one of those customers, this turnover marks an end to your human relationship with Gigya.

\n

Then you get assigned to new account managers from the SAP culture and SAP strategies, not from Gigya’s young and innovative culture.

\n

“We’re now a tiny customer for the massive SAP enterprise.”

\n

Gigya used to be a small company with a few thousand customers. They were able to give quick personalized support.

\n

Now, as SAP, they have a huge client base.

\n

Perhaps you were in the top 10% of Gigya customers. Post-acquisition, you’re probably not even in the top 40% of customers. Big acquiring companies have customers who pay them $100 million or more, and you end up becoming a Tier 3 or 4 customer.

\n

You never get the same level of care you enjoyed before from your CIAM vendor.

\n

SAP is also outsourcing its support for Gigya customers to external partners who don’t necessarily have the level of expertise required. They may not understand your actual implementation. It can take days or weeks to resolve issues.

\n

“With SAP, we’re stuck using SAP products and technologies.”

\n

SAP Customer Data Cloud, the new name for Gigya’s customer identity and access management (CIAM) platform, is just a tiny part of the SAP universe. CIAM is now one offering out of 200.

\n

Gigya uses SAP servers for colocation, and they only have five regional data centers.

\n

Top 5 Reasons Companies Are Migrating from Gigya (SAP) to LoginRadius

\n

Many large brands, including a large media company with 30 million users, have migrated from Gigya/SAP to LoginRadius. Here are the top 5 reasons why big brands are considering LoginRadius as the best Gigya alternative.

\n

1. LoginRadius is a young and innovative company that is a leader in the CIAM space.

\n

“Innovate or die” is the mantra of the 21st century for tech businesses. The LoginRadius customer identity platform is the most modern offering in its class. In the security industry, it’s essential to stay current and jump on new developments quickly, and we have the agility to do that. The company has been recognized as a leader by many analyst firms, including KuppingerCole, Gartner, and Forrester.

\n

2. Customer identity is our core business.

\n

LoginRadius started in customer identity and it’s what we do. The full focus of our technology and business leadership is on creating modern customer experiences and helping businesses win customer trust.

\n

3. LoginRadius infrastructure is global and ready to scale.

\n

LoginRadius is deployed on Microsoft Azure cloud servers with failover to Amazon Web Services. Our platform scales to handle hundreds of millions of customers and over 150K logins per second. We have 35 global data storage centers (and counting).

\n

4. We have in-house customer support.

\n

LoginRadius offers our clients a dedicated support team, consisting of a customer success manager and implementation engineer. These are LoginRadius experts who understand your environment and resolve your issues quickly.

\n

5. LoginRadius has the best system availability.

\n

LoginRadius is the only CIAM platform on the market that guarantees 100% uptime, compared to 99.9% offered by other vendors. While other platforms have minutes to hours of unscheduled downtime as well as downtime for regular maintenance, LoginRadius is simply always available.

\n

Migration Program for Gigya Customers Looking to Move

\n

LoginRadius has migrated many customers, and we’re good at it. Our team will work with you through the whole process and manage the production deployment so there’s very little effort required on your side.

\n

We have automated software for a seamless migration and quick go-to-market, and we do most of the migration testing. Your users won’t be affected—they won’t even notice anything. Customers are pleasantly surprised at how simple the process is.

\n

If you’d like to hear more about customers making the switch to LoginRadius, contact us at 1-844-625-8889. We can also give you a demo so you can see how our features compare.

\n

\n \n \n As customer trust increases, businesses can request more data.

\n

The subsequent actions often take the place of secondary registration forms or event-driven calls to action for your customer to supply additional profile metadata. For example, you could request more detailed data only after a customer has logged in a certain number of times or navigated to a certain digital property.

\n

Progressive Profiling with Social Accounts

\n

Progressive profiling with social accounts is the process of progressively requesting additional OAuth Access permissions from your customers. This process allows you to minimize the access permissions requested and get business-critical access from your customers based on their social providers.

\n

\n \n \n An example of progressive profiling with social accounts

\n

Once the customer interacts more with your platform, you can begin requesting additional permissions from the social provider they are authenticating with. For example, you can ask for basic information, such as name and email, during registration, and then ask for birthdate, likes, and interests from the same customer at a later point.

\n

To learn more about how LoginRadius can improve customer experience and data collection using Progressive Profiling or other features, Book a demo today.

\n

\n \n \n

\n","frontmatter":{"date":"February 07, 2019","updated_date":null,"description":"A new feature of the LoginRadius Identity Platform is progressive profiling, which gradually collects data from customers in an automated way.","title":"Presenting: Progressive Profiling from LoginRadius","tags":["progressive profiling","cx","ciam solution"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/da44452f5513e8a73504016fe0488f80/33aa5/progrssive-profiling.jpg","srcSet":"/static/da44452f5513e8a73504016fe0488f80/f836f/progrssive-profiling.jpg 200w,\n/static/da44452f5513e8a73504016fe0488f80/2244e/progrssive-profiling.jpg 400w,\n/static/da44452f5513e8a73504016fe0488f80/33aa5/progrssive-profiling.jpg 768w","sizes":"(max-width: 768px) 100vw, 768px"}}},"author":{"id":"Rakesh Soni","github":"oyesoni","avatar":"rakesh-soni.jpg"}}}},{"node":{"excerpt":"Introduction Security questions can add an extra layer of certainty to your authentication process. Security questions are an alternative…","fields":{"slug":"/identity/best-practices-choosing-good-security-questions/"},"html":"

Introduction

\n

Security questions can add an extra layer of certainty to your authentication process.

\n

Security questions are an alternative way of identifying your consumers when they have forgotten their password, entered the wrong credentials too many times, or tried to log in from an unfamiliar device or location.

\n

So, how do you define a good security question? We have come up with some basic guidelines that will help you create the best ones.

\n

What Makes a Good Security Question?

\n

The best security questions and answers make it easy for legitimate consumers to authenticate themselves without worrying about their account being infiltrated.

\n\n

You can minimize both of these outcomes by creating good security questions.

\n
    \n
  1. Safe: Cannot be guessed or researched.
    2. \n
  2. Stable: Does not change over time.
    3. \n
  3. Memorable: Can be remembered.
    4. \n
  4. Simple: Is precise, easy, and consistent.
    5. \n
  5. Many: Has many possible answers.
    6. \n
\n

You can see examples of good security questions from the University of Virginia. Let’s take a look at each of these criteria in more detail.

\n

1. Safe

\n

\n \n \n

\n

When choosing security question and answers, it’s extremely important that the correct answers cannot be guessed or researched over the internet.

\n

Here’s an example of a question that fails to meet these rules:

\n

“In what county were you born?”

\n

This question could be considered unsafe because the information can be found online. Also, this information may be common knowledge to friends and family members.

\n

Aside from these issues, if a hacker was interested in a specific account, it might be easy to brute-force their way past this question since there are only a fixed number of counties in each US state.

\n

2. Stable

\n

\n \n \n

\n

A good security question should have a fixed answer, meaning that it won’t change over time.

\n

A good example of a security question with a stable answer:

\n

“What is your oldest cousin’s first name?”

\n

This example works because the answer never changes.

\n

Note: Questions like this one might not apply to all users. Asking about someone’s wedding anniversary or cousins does them no good if they have never been married or have no cousins! It’s important to offer your consumers several questions to choose from to make sure they apply.

\n

Some examples of questions with unstable answers:

\n

“What is the title and artist of your favorite song?”

\n

“What is your work address?”

\n

Both of these examples make for poor security questions because their answers will change for most people over time. Many people change their minds about their favorite things over the course of their lives, and they also may change jobs or move to a different office location.

\n

3. Memorable

\n

\n \n \n

\n

A good security question should be easily answered by the account holders but not readily obvious to others or quickly researched.

\n

Examples of good memorable questions:

\n

“What is your oldest sibling's middle name?”

\n

Most consumers who have siblings know their middle name off the top of their heads, making this a good example of a memorable security question. This question is also excellent because someone would have to do quite a bit of digging to first find out who the consumer’s oldest sibling is, and then find their middle name in order to crack this question.

\n

“In what city or town did your mother and father meet?”

\n

Most consumers know the answer to a question like this, making it fit the criteria of being memorable. It is also more difficult to guess or research this fact. Best of all, it fits the stability criteria as well.

\n

\n \n \n

\n

Some examples of question and answers that are unmemorable include:

\n

“What is your car’s license plate number?”

\n

Many people don’t have their license plate number memorized. Also, it’s relatively simple for a potential intruder to do some digging and find this information for themselves.

\n

“What was your favorite elementary school teacher’s name?”

\n

The answer to this question may be quick to recall for someone younger, but for older consumers, things from their childhood can be a lot foggier. So answers to such questions might not come so easily. It’s good practice to try to avoid questions from a consumer’s childhood.

\n

4. Simple

\n

\n \n \n

\n

A simple question has a precise answer that doesn’t create confusion.

\n

Some examples of questions with simple answers:

\n

“What was your first car’s make and model? (e.g. Ford Taurus)”

\n

“What month and day is your anniversary? (e.g. January 2)”

\n

These both make for good security questions because the answers are specific. These questions show consumers how to format their answers in a memorable, simple way.

\n

But how many security questions should be asked? These questions can also be asked in a way that doesn’t give simple, precise answers:

\n

“What was your first car?”

\n

“When is your anniversary?”

\n

5. Many

\n

\n \n \n

\n

A good security question should have many potential answers. This makes guessing the answer much more difficult and will also slow down automated or brute-force attempts at gaining access to the consumer’s account.

\n

An example of a question with many possible answers:

\n

“What is the middle name of your oldest child?”

\n

A question with too few possible answers:

\n

“What is your birth month?”

\n

But wait. Is there any such thing as a good security question?

\n

By their very nature, even so-called good security questions are vulnerable to hackers because they aren’t random—users are meant to answer them in meaningful, memorable ways. And those answers could be obtained through phishing, social engineering, or research.

\n

There’s a scene in the movie Now You See Me 2 where a magician tricks his target into giving him the answers to his bank security questions. The magician guesses the answers and his target corrects him with the actual information. It’s a fictional example, but the phishing mechanics are real.

\n

Many social media memes tap into the answers to common security questions, such as the name of your first pet or the street you grew up on. So by innocently posting your superhero name or rapper name on Facebook, you’re inadvertently sharing important personal information.

\n

Security Questions You Should Avoid

\n

When it comes to creating security questions, there are certain types of questions that should be avoided. Questions that have answers that are easily guessed or found online should not be used.

\n

For example, questions like “What city were you born in?” or “What is your mother’s maiden name?” are too common and can be easily guessed or found online. Additionally, questions that are too personal or sensitive should also be avoided as they may make users uncomfortable or cause them to reveal too much personal information.

\n

Examples of questions to avoid include “What is your social security number?” or “What is your salary?”

\n

List of Good Security Questions One Can Use

\n

Choosing good security questions can be challenging, but there are certain types of questions that can be effective.

\n

Good security questions should have answers that are easy for the user to remember but difficult for someone else to guess. For example, questions about personal preferences or experiences can be effective, such as “What is your favorite movie?” or “What was the name of your first pet?”

\n

Another effective approach is to use questions that require numerical answers, such as “What is your favorite number?” or “How many siblings do you have?”

\n

Security Question Best Practices

\n

When choosing security questions, there are several best practices to keep in mind. First, it is important to choose questions that are easy for the user to remember but difficult for others to guess or find online.

\n

Additionally, it is important to avoid using questions that are too personal or sensitive. Another best practice is to avoid using the same security questions for multiple accounts, as this can make it easier for hackers to gain access to multiple accounts if they can answer the same security questions.

\n

Finally, it is important to regularly update security questions and answers, as well as to use two-factor authentication or other security measures to further protect accounts. By following these best practices, users can create strong security questions that help protect their online accounts.

\n

What Authentication Methods are Good Alternatives to Security Questions?

\n

Passwords and security questions aren’t the only methods for locking down consumer accounts. A good CIAM solution offers several secure alternatives:

\n

1. Multi-factor authentication

\n

Multi-factor authentication is a much more robust and secure method of consumer authentication that relies on two or more ways of verifying the consumer’s identity. Typically, the consumer will be required to present something that they know, something they possess, and/or something they are. Some examples of these different factors are:

\n\n

As an example, the MBNA bank recently decided that security questions were not doing enough for them and their consumers to keep their accounts safe. To upgrade their security, they decided to go with two-factor authentication instead of security questions in order to verify their consumer’s identities.

\n

\n \n \n

\n

Source: MBNA website

\n

In these screenshots, you can see that the transition from security questions to two-factor authentication was fairly seamless for MBNA consumers. They even had the option to choose how often they would be prompted to provide a security code as their second factor.

\n

\n \n \n

\n

Source: MBNA website

\n

2. Strong password rules

\n

By requiring your consumers to follow strong password rules, you minimize the risk of hackers brute-forcing their way into their accounts. Lengthy alphanumeric passwords with special and non-repeating characters are much more difficult for an attacker to guess. It also takes significantly longer for brute force programs to break in.

\n

3. Passwordless Login

\n

Passwordless Login takes the password right out of the equation. consumers log in with a key fob, a biometric such as a fingerprint, or a magic link. This login method eliminates the issue of consumers forgetting passwords entirely, and it also makes it impossible for hackers to crack their accounts by brute-forcing.

\n

Conclusion

\n

If you’re interested in learning why passwords are slowly becoming a thing of the past, download our e-book The Death of Passwords. There are better authentication methods than passwords and security questions available for your company—and with support from LoginRadius, you can adopt them quickly and easily.

\n

\n \n \n

\n","frontmatter":{"date":"January 31, 2019","updated_date":null,"description":"Security questions will bring to your authentication process an extra layer of certainty. Security problems are an alternative way to recognise your customers when they have forgotten their password, entered too many times the wrong passwords, or attempted to log in from a location or unknown computer.","title":"Best Practices for Choosing Good Security Questions","tags":["data security","password management","cx"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/f79a91f9673ff866743dad68c04204fe/33aa5/security-questions.jpg","srcSet":"/static/f79a91f9673ff866743dad68c04204fe/f836f/security-questions.jpg 200w,\n/static/f79a91f9673ff866743dad68c04204fe/2244e/security-questions.jpg 400w,\n/static/f79a91f9673ff866743dad68c04204fe/33aa5/security-questions.jpg 768w","sizes":"(max-width: 768px) 100vw, 768px"}}},"author":{"id":"Rakesh Soni","github":"oyesoni","avatar":"rakesh-soni.jpg"}}}},{"node":{"excerpt":"What is an SSL Certificate? Let’s start with some working definitions of the HTTP and HTTPS protocols. HTTP is the Internet protocol over…","fields":{"slug":"/engineering/lets-encrypt-with-ssl-certificates/"},"html":"

What is an SSL Certificate?

\n

Let’s start with some working definitions of the HTTP and HTTPS protocols. HTTP is the Internet protocol over which data is sent between a browser and a server when they are communicating. HTTPS is the secure counterpart of HTTP , which encrypts data to ensure private communication.1 An SSL certificate is a data file that is installed on a web server to enable the use of the HTTPS protocol.2

\n

Why SSL Certificates?

\n

The communication privacy that HTTP provides is desirable for obvious reasons: for example, you would not want a website you are purchasing something from to not encrypt your credit card information before sending it to the server, for that would expose it to everyone who needs only a decent understanding of how the internet works to access it. Other benefits of SSL certificates include:

\n\n

Considerations

\n

There are some considerations to be aware of when implementing SSL certificates on your server. There is a cost involved due to he infrastructure that has been put into place by the SSL certificate provider to issue the certificate. Additionally, processing encrypted data takes more server resources. However, there is available hardware that can minimize this impact.3 Considering the additional security and end user trust SSL certificates can bring to your website, there is no doubt that its benefits far outweigh the costs and efforts of its implementation.

\n

A Final Note

\n

You might be aware that version 3.0 of the Secure Sockets Layer protocol was deprecated in 2015 by the IETF because of its vulnerabilities. Other protocols, such as TLS, are more secure and have to be used in replacement of SSL.5 This might lead you to think, how do I replace my SSL certificate with a TLS certificate so I ensure security in my website? The answer is you do not have to. Although the phrases ‘SSL certificate’ or ‘SSL/TLS certificates’ are used, the certificates are not bound to the protocol your server uses. Certificates can be used with either SSL or TLS; what determines what protocol you use is your server configuration.6

\n

References:

\n
    \n
  1. SSL Certificate Products
    2. \n
  2. What is an SSL Certificate?
    3. \n
  3. IETF
    4. \n
  4. SSL vs TLS - What's the Difference?
    5. \n
\n

Note: image labeled for reuse, taken from Google images.

\n","frontmatter":{"date":"January 14, 2019","updated_date":null,"description":null,"title":"Let's Encrypt with SSL Certificates","tags":["SSL","SSL Certificate","Security"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1,"src":"/static/0a5fe6d5d73fe4e13e3e6b415bb2983d/46604/ssl.png","srcSet":"/static/0a5fe6d5d73fe4e13e3e6b415bb2983d/69585/ssl.png 200w,\n/static/0a5fe6d5d73fe4e13e3e6b415bb2983d/497c6/ssl.png 400w,\n/static/0a5fe6d5d73fe4e13e3e6b415bb2983d/46604/ssl.png 500w","sizes":"(max-width: 500px) 100vw, 500px"}}},"author":{"id":"Ruben Gonzalez","github":"rubenprograms","avatar":null}}}},{"node":{"excerpt":"The Dangers of Bad Password Hygiene Many people use their email addresses and a small set of passwords (or even just one password) to log in…","fields":{"slug":"/identity/how-do-i-know-if-my-email-has-been-leaked-in-a-data-breach/"},"html":"

The Dangers of Bad Password Hygiene

\n

Many people use their email addresses and a small set of passwords (or even just one password) to log in to their online accounts. Unfortunately, this means that any hacker with your email address already has half your login details. Add in numerous password breaches from big-name digital service providers and you have a recipe for disaster.

\n

Since most people still recycle versions of their passwords, once one of them is released in a data leak, it could mean that all of your online accounts are compromised thanks to bad password hygiene.

\n

Even if you're one of the many people who use a selection of different passwords based on some sort of theme or the rearrangement of certain elements, an attacker could combine knowledge of one password with a brute force attack or social engineering to more easily discover your other passwords.

\n

Have I Been Pwned? Good Question!

\n

Luckily there's a well-trusted website where anyone can quickly find out if their email address has been compromised in an email leak and which company leaked your data. Have I Been Pwned? (HIBP) was set up by Troy Hunt, a highly respected digital security expert.

\n

It’s simple to find out if your email address has been compromised. Just go to Have I Been Pwned? to search their database of leaked details.

\n

HIBP doesn't just include leaked emails, but (as my friend found out) other personal data that has been exposed on the web. What you learn may surprise you—I asked a friend to try a few of their emails, and though all of their passwords were safe, other bits of personal data had been leaked by several marketing data aggregation companies.

\n

Hackers make use of many types of personal data, combining databases with known passwords when they do leak to make cracking your accounts that much quicker, so any sort of data leak can be risky.

\n

Check a few of your emails on the site, and chances are that at least one of them will have been involved in a data leak at some point, even if your passwords haven't been released.

\n

There's also a handy password checker to find out if a certain password has made its way into the public domain. (Don’t worry, the site uses hashing to keep your password anonymous and doesn’t store it.)

\n

\n \n \n

\n

Out of curiosity I checked the statistics for using \"password\" as a password—it turned out to have been pwned 3,533,661 times, a stark reminder that common sense doesn't always triumph when humans are left to their own devices regarding password strength.

\n

Subscribing to Have I Been Pwned is free and doing so will alert you to future leaks involving that email address as soon as they become public; adding additional emails is straightforward and doesn't incur any additional fees. As a website owner or administrator, you can also set up alerts that let you know if any email addresses associated with your domain have been compromised.

\n

What Should I Do if I Find My Address in an Email Leak?

\n

\n \n

If you're responsible for your company’s data security or digital platforms, then you're probably acutely aware of this fact.

\n

LoginRadius has a vested interest in maintaining the highest levels of data protection. 

\n

\n \n \n

\n","frontmatter":{"date":"January 10, 2019","updated_date":null,"description":"To log into their online accounts, many individuals use their email addresses and a short collection of passwords (or even only one password). Sadly, this means that every hacker already has half your login information with your email address. Add in multiple login violations from big-name digital service providers and you have a catastrophe recipe.","title":"How Do I Know If My Email Has Been Leaked in a Data Breach?","tags":["data security","password management","cx"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/68e50fe405a78a6072d742de4e3eecd7/33aa5/email-breach.jpg","srcSet":"/static/68e50fe405a78a6072d742de4e3eecd7/f836f/email-breach.jpg 200w,\n/static/68e50fe405a78a6072d742de4e3eecd7/2244e/email-breach.jpg 400w,\n/static/68e50fe405a78a6072d742de4e3eecd7/33aa5/email-breach.jpg 768w","sizes":"(max-width: 768px) 100vw, 768px"}}},"author":{"id":"Rakesh Soni","github":"oyesoni","avatar":"rakesh-soni.jpg"}}}},{"node":{"excerpt":"Both encryption and hashing have significant uses in cryptology and other fields. One defining difference between them is that encryption is…","fields":{"slug":"/engineering/encryption-and-hashing/"},"html":"

Both encryption and hashing have significant uses in cryptology and other fields. One defining difference between them is that encryption is reversible, while hashing is irreversible. Because of this, encryption is often used for protecting the confidentiality of data. Only authorized people with the key should be able to access the data. On the other hand, hashing works well for verification; knowing the actual data is unnecessary, just whether or not the hashes are the same.

\n

Encryption example: sending confidential documents to a co-worker through email.

\n
    \n
  1. Encrypt confidential documents.
    2. \n
  2. Send encrypted documents & key to co-worker through different sources.
    3. \n
  3. Co-worker receives the documents & decrypts them using the key.
    4. \n
\n

Hashing example: verifying user credentials for login.

\n
    \n
  1. User registers and creates a password.
    2. \n
  2. Server hashes a password and stores it in a database.
    3. \n
  3. User logs in by submitting their password.
    4. \n
  4. Server hashes the submitted password, and compares it with the hashed password in the database.
    5. \n
  5. If hashes are the same, the user is authenticated.
    6. \n
\n

Encryption

\n

Encryption is defined as conversion of electronic data into unreadable format by using encryption algorithms. This process of encoding the original data is called encryption. The data dump after encoding is called ciphertext.

\n

The purpose of encryption is to protect stored data, by guaranteeing that the information cannot be understood by individuals other than the proposed recipient(s).

\n

Encryption transforms information under another format such that just particular individual(s) could decrypt the conversion.

\n

DES

\n

The Data Encryption Standard (DES) is a symmetric key algorithm that was widely used for many years. DES is a block cipher that uses a 64-bit block of plaintext and a 56-bit key in order to output a 64-bit block of ciphertext. The core of the algorithm is composed of a series of repetitive modules that transform the block of plaintext. Each module’s bit manipulation includes transposition, splitting, concatenation, and combination with the key. A security limitation is that the key can be brute forced, especially since in DES the key is a relatively short 56-bits (thus, 256possibilities). Because of the technological advances in computing, DES is now considered insecure.

\n

3DES

\n

Triple Data Encryption Standard (3DES/TDES) is a successor to DES, and runs the DES algorithm three times to each block of data. The standard keying option is to use 3 keys of 56-bits each, resulting in a final key of 3 x 56 = 168-bits. A security limitation is its vulnerability to meet-in-the-middle attacks, where essentially the attacker brute forces the encryption of the plaintext and decryption of the ciphertext at the same time. This allows the 168-bit key to be brute forced in 22 x 56iterations.

\n

AES

\n

The Advanced Encryption Standard (AES) is a symmetric key algorithm trusted worldwide including the U.S government with classified material. AES is a block cipher which uses 128-bit blocks of plaintext, and three key options: 128-bit, 192-bit, and 256-bit. On a high-level, AES shares many fundamental concepts with DES; in particular, transforming a block of plaintext through repetition and bit manipulation. This include substitution, transposition, and bitwise operations. Currently, the only security limitation is its theoretical risk to brute force.

\n

RSA

\n

The Rivest-Shamir-Adleman (RSA) is a asymmetric key algorithm based on the difficulty of prime factorization. The algorithm first generates a private and public key using 2 random, sufficiently large, and distinct prime numbers. Public keys can then be distributed to external parties. Plaintext encrypted using the public key and RSA formula can only be decrypted using the private key. Security limitations include weak key generation due to poor choices in prime numbers, and the possibility of breakthroughs such as quantum computers trivializing prime factorization.

\n

Blowfish

\n

Blowfish is a symmetric key algorithm freely available in the public domain. As a block cipher, Blowfish processes 64-bit blocks of plaintext, and a key ranging from 32 to 448-bits. It is known to be fast compared to existing alternatives, except when changing keys. The algorithm involves multiple cycles of splitting the key into 2 subarrays, substituting bits, and performing a series of bitwise operations with parts of the plaintext block. A security limitation is its relatively small block size of 64-bits makes it vulnerable to birthday attacks, which is based on probability theory.

\n

Twofish

\n

Twofish is a symmetric key algorithm freely available in the public domain. Twofish is a block cipher with 128-bit blocks of plaintext, and up to a 256-bit key. The designer of Blowfish also worked on Twofish. Similar to Blowfish, Twofish is a fast cipher, and shares some of the same concepts and structure in transforming a block of plaintext. Currently, the only security limitation is its theoretical risk to brute force.

\n

Skipjack

\n

Skipjack is a symmetric key algorithm with 64-bit blocks of plaintext and 80-bit key. It was designed by the NSA with the purpose of encrypting voice transmission, and later declassified for public knowledge. The algorithm is based off a technique of repeatedly splitting the plaintext block and performing bitwise operations with subkeys. Currently, the only security limitation is its theoretical risk to brute force, especially due to its relatively short key.

\n

Use Cases

\n

Symmetric key encryption

\n\n

Asymmetric key encryption

\n\n

Hashing

\n

Hashing is a process of taking a big block of data and reducing it to smaller blocks of data in a specific order by using hashing functions. Cryptographic hashes are irreversible.

\n\n

Some properties of hashed data:

\n\n

The output of a hashing algorithm is a hashed value, also known as a message digest. Analogous to a fingerprint.

\n

MD4

\n

The Message Digest 4 (MD4) algorithm takes an input text of arbitrary length, and outputs a 128-bit digest in the form of a 32-digit hexadecimal number. The algorithm works by first padding the text to a certain length, and then appending to it a 64-bit binary representation of the text. Next, the text is processed in blocks of 512-bits, with each block undergoing three rounds of bit manipulation. MD4 is insecure, as a collision attack was found. This is where two input texts produce the same output digest (a hash collision), thus allowing for issues such as forging digital signatures.

\n

MD5

\n

The Message Digest 5 (MD5) algorithm is similar to MD4, except each block is processed in four more complex rounds. MD5 is also considered insecure, as a collision attack was found. However, MD5 is still often used in the industry for cases which do not require collision resistance, such as password hashing. Better solutions exists, but tradition and lack of modern security expertise drives the popularity of MD5.

\n

SHA-1

\n

The Secure Hash Algorithm 1 (SHA-1) takes an input text of arbitrary length, and outputs a 160-bit digest, typically in the form of a 40-digit hexadecimal number. The algorithm performs padding, and 80 rounds of text manipulation such as bitwise shifting and XOR operations. SHA-1 is considered insecure, as a collision attack was found.

\n

SHA-2

\n

The Secure Hash Algorithm 2 (SHA-2) is a family of successors to SHA-1. This includes SHA-224, SHA-256, SHA-384, and SHA-512. Digest sizes range from 224 to 512-bits, increasing its difficulty to brute force. The algorithm consists of padding, and 64 or 80 rounds of bit manipulation. A security limitation is its vulnerability to length extension attacks. When the algorithm is finished, this attack takes advantage of the internal state of the machine in order to keep processing new text. As a result, it is possible to construct a new digest which is an extension of the original digest.

\n

HMAC-SHA1

\n

Hash-based Message Authentication Code SHA-1 (HMAC-SHA1) uses the SHA-1 hashing algorithm and a key in order to generate a HMAC. Due to the usage of a key, there is less chance of a hash collision, but the key is vulnerable to discovery through brute force. Additionally, HMAC is vulnerable to length extension attacks.

\n

HMAC-SHA256

\n

Hash-based Message Authentication Code SHA-256 (HMAC-SHA256) uses the SHA-256 hashing algorithm and a key in order to generate a HMAC. Security concerns include the key being brute forced, and length extension attacks.

\n

PBKDF2

\n

Password-Based Key Derivation Function 2 (PBKDF2) is a hashing algorithm designed to be used for passwords. By design, hashing using PBKDF2 is slow, making it much more difficult to brute force a password. This is because the algorithm takes in a random salt, as well as the desired number of times to hash the password. Other inputs include the desired length of the output, and the hashing function used. Typically, the recommended number of iterations range in the tens of thousands, but depends on the hashing function and capabilities of the application. However, brute force still remains a threat, especially with weakly chosen salts and a small number of iterations.

\n

Argon 2

\n

Argon2 is a cryptographic hashing algorithm, most recommended for password hashing. It hashes a plain text input to a hash as per the parameters mentioned. It is governed by six parameters: password, salt, memory cost, time cost, parallelism factor, the hash length, along with one of the three algorithms included in it.

\n

Argon2 has 3 versions: Argon2d, Argon2i and Argon2id.

\n
    \n
  1. Argon2d is more resistant to GPU attacks as it accesses the memory array in a password dependent order reducing the possibility for TMTO attacks but leaves itself vulnerable to side-channel attacks.
    2. \n
  2. Argon2i, unlike '2d', accesses memory in a password independent order which increases resistance against side-channel attacks.
    3. \n
  3. Argon2id is a hybrid of '2i' and '2d'. It is always recommended one except when there are reasons to prefer one of the other two modes.
    4. \n
\n

It has experienced two attacks on Argon2i. The first attack is applicable only to the old version of Argon2i. The second attack has not been secured yet.

\n

Use Cases

\n

Authentication

\n\n

Message integrity

\n\n

Identification

\n\n

Encoding and Cryptography

\n

Encoding

\n

The process of transforming the data by using an algorithm (that is publicly available) into another format.

\n

The motivation behind encoding is to change information with the goal that it can be appropriately (and securely) fed to a different system. The main objective is not to keep data secret, but instead to guarantee that it is ready to be legitimately used.

\n

Symmetric key cryptography

\n

The process of using the same key for encrypting and decrypting the text is called symmetric key cryptography.

\n

Asymmetric key cryptography

\n

The process of using a public key for encryption and a private key for decryption is called asymmetric key cryptography.

\n

Stream cipher

\n

The process of encrypting or decrypting the text bit by bit using a symmetric key is called stream cipher. The stream cipher process is high speed and requires low hardware complexity.

\n

Block cipher

\n

The process of encrypting or decrypting the text block by block using a symmetric key is called block cipher. Block ciphers are the functions that take an input message and a key in order to create a new, encrypted ciphertext. Block cipher are used with Symmetric key encryption.

\n

Block ciphers are invertible and efficiently computable. E.g. DES, AES, BlowFish etc.

\n

Cryptographic Salt

\n

Salts are an additional piece of data used in hashing algorithms, typically for passwords. They help protect against brute force attacks, by adding complexity to the hashes. As a result, salts increase the time taken to brute force a single hash, and deter against optimizations such as dictionaries and precomputed tables.

\n","frontmatter":{"date":"December 24, 2018","updated_date":null,"description":null,"title":"Encryption and Hashing","tags":["Encryption","Hashing"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":3.278688524590164,"src":"/static/9f60d8a12e2cb9240bfe54b54515b42a/3087f/encryption-and-hashing.png","srcSet":"/static/9f60d8a12e2cb9240bfe54b54515b42a/69585/encryption-and-hashing.png 200w,\n/static/9f60d8a12e2cb9240bfe54b54515b42a/497c6/encryption-and-hashing.png 400w,\n/static/9f60d8a12e2cb9240bfe54b54515b42a/3087f/encryption-and-hashing.png 615w","sizes":"(max-width: 615px) 100vw, 615px"}}},"author":{"id":"Andy Yeung","github":null,"avatar":null}}}}]},"markdownRemark":{"excerpt":"Identity is evolving, and developers are at the forefront of this transformation. Every day brings a new learning—adapting to new standards…","fields":{"slug":"/identity/developer-first-identity-provider-loginradius/"},"html":"

Identity is evolving, and developers are at the forefront of this transformation. Every day brings a new learning—adapting to new standards and refining approaches to building secure, seamless experiences.

\n

We’re here to support developers on that journey. We know how important simplicity, efficiency, and well-structured documentation are when working with identity and access management solutions. That’s why we’ve redesigned the LoginRadius website—to be faster, more intuitive, and developer-first in every way.

\n

The goal? Having them spend less time searching and more time building.

\n

What’s New and Improved on the LoginRadius Website?

\n

LoginRadius’ vision is to give developers a product that simplifies identity management so they can focus on building, deploying, and scaling their applications. To enhance this experience, we’ve spent the last few months redesigning our interface— making navigation more intuitive and reassuring that essential resources are easily accessible.

\n

Here’s a closer look at what’s new and why it’s important:

\n

A Developer-Friendly Dark Theme

\n

\"This

\n

Developers spend long hours working in dark-themed IDEs and terminals, so we’ve designed the LoginRadius experience to be developer-friendly and align with that preference.

\n

The new dark mode reduces eye strain, enhances readability, and provides a seamless transition between a coding environment and our platform. Our new design features a clean, modern aesthetic with a consistent color scheme and Barlow typography, ensuring better readability. High-quality graphics and icons are thoughtfully placed to enhance the content without adding visual clutter.

\n

So, whether you’re navigating our API docs or configuring authentication into your system, our improved interface will make those extended development hours more comfortable and efficient.

\n

Clear Categorization for LoginRadius Capabilities

\n

\"This

\n

We’ve restructured our website to provide a straightforward breakdown of our customer identity and access management platform capabilities, helping you quickly find what you need:

\n\n

This structured layout ensures you can quickly understand each capability and how it integrates into your identity ecosystem.

\n

Developer-First Navigation

\n

\"This

\n

We’ve been analyzing developer workflows to identify how you access key resources. That’s why we redesigned our navigation with one goal in mind: to reduce clicks and make essential resources readily available.

\n

The new LoginRadius structure puts APIs, SDKs, and integration guides right at the menu bar under the Developers dropdown so you can get started faster. Our Products, Solutions, and Customer Services are also clearly categorized, helping development teams quickly find the right tools and make informed decisions.

\n

Quick Understanding of Integration Benefits

\n

\"This

\n

Developers now have a clear view of the tech stack available with LoginRadius, designed to support diverse business needs.

\n

Our platform offers pre-built SDKs for Node.js, Python, Java, and more, making CIAM integration seamless across popular programming languages and frameworks.

\n

Over to You Now!

\n

Check out our revamped LoginRadius website and see how the improved experience makes it easier to build, scale, and secure your applications.

\n

Do not forget to explore the improved navigation and API documentation, and get started with our free trial today. We’re excited to see what you’ll build with LoginRadius!

\n","frontmatter":{"date":"February 21, 2025","updated_date":null,"description":"LoginRadius’ vision is to give developers a product that simplifies identity management so they can focus on building, deploying, and scaling their applications. To enhance this experience, we’ve redesigned our website interface, making navigation more intuitive and reassuring that essential resources are easily accessible.","title":"Revamped & Ready: Introducing the New Developer-First LoginRadius Website","tags":["Developer tools","API","Identity Management","User Authentication"],"pinned":true,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.7857142857142858,"src":"/static/80b4e4fbe176a10a327d273504607f32/58556/hero-section.webp","srcSet":"/static/80b4e4fbe176a10a327d273504607f32/61e93/hero-section.webp 200w,\n/static/80b4e4fbe176a10a327d273504607f32/1f5c5/hero-section.webp 400w,\n/static/80b4e4fbe176a10a327d273504607f32/58556/hero-section.webp 800w,\n/static/80b4e4fbe176a10a327d273504607f32/99238/hero-section.webp 1200w,\n/static/80b4e4fbe176a10a327d273504607f32/7c22d/hero-section.webp 1600w,\n/static/80b4e4fbe176a10a327d273504607f32/1258b/hero-section.webp 2732w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Rakesh Soni","github":"oyesoni","avatar":"rakesh-soni.jpg"}}}},"pageContext":{"limit":6,"skip":846,"currentPage":142,"type":"///","numPages":161,"pinned":"ee8a4479-3471-53b1-bf62-d0d8dc3faaeb"}},"staticQueryHashes":["1171199041","1384082988","2100481360","23180105","528864852"]}