{"componentChunkName":"component---src-pages-author-author-yaml-id-js","path":"/author/jitender-agarwal/","result":{"data":{"allMarkdownRemark":{"edges":[{"node":{"id":"5b86cda6-48ec-502d-b154-738b82d43bba","html":"<p>The LoginRadius PerfectMind integration delivers a seamless user experience and helps cities increase user conversions by allowing their users to register and authenticate flawlessly.</p>\n<p><a href=\"https://www.loginradius.com/authentication/\">Authentication</a> is one of the most important aspects and should be carried out without any friction, since a great consumer experience is key to business success. LoginRadius understands this and developed an out-of-the-box SSO solution to deliver a seamless user experience between LoginRadius and PerfectMind applications.</p>\n<p>Users expect authentication experiences that are quick, delightful, secure, and seamless. Hence, a robust authentication mechanism becomes the need of the hour for enterprises collecting and storing vast amounts of user information and leveraging this across distinct systems and toolsets.</p>\n<p>LoginRadius’ cutting-edge single sign-on helps overcome all the challenges related to consumer experience and data integration. Let’s understand how LoginRadius paves the path for a robust user experience by integrating PerfectMind. 
</p>\n<h2 id=\"what-is-perfectmind\" style=\"position:relative;\"><a href=\"#what-is-perfectmind\" aria-label=\"what is perfectmind permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>What is PerfectMind?</h2>\n<p>PerfectMind (part of Xplor) is membership management software that uses cloud-based technology to help organizations of all sizes connect with their communities. </p>\n<p>PerfectMind started as a software solution for martial arts schools but has expanded over the years to serve other industries, most notably parks and recreation departments.</p>\n<h2 id=\"intent-behind-the-integration\" style=\"position:relative;\"><a href=\"#intent-behind-the-integration\" aria-label=\"intent behind the integration permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Intent Behind the Integration</h2>\n<p>Canadian municipal and community organizations were looking for a way to connect their native website to PerfectMind so users could log in and enjoy a seamless experience between the sites.</p>\n<p>Since PerfectMind does not 
support industry-standard <a href=\"https://www.loginradius.com/blog/identity/loginradius-federated-identity-management/\">federated Single Sign-On</a> methods like SAML, OAuth/OIDC, or JWT, LoginRadius offered its out-of-the-box SSO Connector solutions to create a Single Sign-on user experience between LoginRadius and the PerfectMind applications by leveraging APIs.</p>\n<p><a href=\"https://www.loginradius.com/resource/perfectmind-integration\"><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 768px; \"\n    >\n      <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 30.307692307692307%; position: relative; bottom: 0; left: 0; background-size: cover; display: block;\"\n  ></span>\n  <img\n        class=\"gatsby-resp-image-image\"\n        alt=\"DS-perfectmind-int\"\n        title=\"DS-perfectmind-int\"\n        src=\"/static/9dfd5053b2cf5348ba48bca7ef31cb14/e5715/DS-perfectmind-int.png\"\n        srcset=\"/static/9dfd5053b2cf5348ba48bca7ef31cb14/a6d36/DS-perfectmind-int.png 650w,\n/static/9dfd5053b2cf5348ba48bca7ef31cb14/e5715/DS-perfectmind-int.png 768w,\n/static/9dfd5053b2cf5348ba48bca7ef31cb14/81501/DS-perfectmind-int.png 2886w\"\n        sizes=\"(max-width: 768px) 100vw, 768px\"\n        style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n        loading=\"lazy\"\n      />\n    </span></a></p>\n<p>Through LoginRadius PerfectMind integration, the PerfectMind consumers are leveraging all the powerful capabilities of the cutting-edge CIAM platform, including social login, <a href=\"https://www.loginradius.com/blog/identity/passwordless-authentication-the-future-of-identity-and-security/\">passwordless login</a>, single sign-on, reinforced by robust security. 
</p>\n<h2 id=\"final-thoughts\" style=\"position:relative;\"><a href=\"#final-thoughts\" aria-label=\"final thoughts permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Final Thoughts</h2>\n<p>With the LoginRadius PerfectMind SSO, businesses can establish a flawless user experience by overcoming the barriers to frictionless authentication and authorization across multiple platforms/servers. </p>\n<p><a href=\"https://www.loginradius.com/book-a-demo/\"><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 768px; \"\n    >\n      <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 30.307692307692307%; position: relative; bottom: 0; left: 0; background-size: cover; display: block;\"\n  ></span>\n  <img\n        class=\"gatsby-resp-image-image\"\n        alt=\"Book-a-demo-loginradius\"\n        title=\"Book-a-demo-loginradius\"\n        src=\"/static/a854d948ee1cb58ffca614fbff39f749/e5715/BD-Developers2-1024x310.png\"\n        srcset=\"/static/a854d948ee1cb58ffca614fbff39f749/a6d36/BD-Developers2-1024x310.png 650w,\n/static/a854d948ee1cb58ffca614fbff39f749/e5715/BD-Developers2-1024x310.png 768w,\n/static/a854d948ee1cb58ffca614fbff39f749/2bef9/BD-Developers2-1024x310.png 1024w\"\n        sizes=\"(max-width: 768px) 100vw, 768px\"\n        
style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n        loading=\"lazy\"\n      />\n    </span></a></p>","frontmatter":{"title":"LoginRadius Offers PerfectMind Integration for a Seamless UX","author":{"id":"Jitender Agarwal","github":null,"avatar":null},"date":"December 14, 2021","updated_date":null,"tags":["authentication","federated sso","passwordless login"],"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.8018018018018018,"src":"/static/8fe54186ea558472cf50336523587257/14b42/perfectmind-cover.jpg","srcSet":"/static/8fe54186ea558472cf50336523587257/f836f/perfectmind-cover.jpg 200w,\n/static/8fe54186ea558472cf50336523587257/2244e/perfectmind-cover.jpg 400w,\n/static/8fe54186ea558472cf50336523587257/14b42/perfectmind-cover.jpg 800w,\n/static/8fe54186ea558472cf50336523587257/16310/perfectmind-cover.jpg 1024w","sizes":"(max-width: 
800px) 100vw, 800px"}}}},"fields":{"authorId":"Jitender Agarwal","slug":"/identity/loginradius-perfectmind-integration-sso-ux/"}}},{"node":{"id":"9dfe5a34-bd2c-580b-82ef-2592993f03c0","html":"<p>Open source projects are intended to be freely available to the developer community and are easy to modify. In fact, many open-source developers believe that by enabling modifications to their software, they receive constructive criticism.</p>\n<p>Developers also frequently learn new techniques by trying to integrate open-source software into their own programs. Others can then take this new code and incorporate it into their projects if they find it useful. </p>\n<p>No wonder the adoption of third-party open-source software is getting popular. What's more, it allows companies to produce software faster than developing from scratch.</p>\n<p>While <a href=\"https://www.loginradius.com/open-source/\">open-source projects</a> have several advantages over proprietary software, they also bring in some challenges that you need to consider. Let's discuss the pros first. 
</p>\n<h2 id=\"advantages-of-open-source-software\" style=\"position:relative;\"><a href=\"#advantages-of-open-source-software\" aria-label=\"advantages of open source software permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Advantages of Open-Source Software</h2>\n<p>Here are some of the fundamental advantages that open-source software offers: </p>\n<h3 id=\"1-agility\" style=\"position:relative;\"><a href=\"#1-agility\" aria-label=\"1 agility permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>1. Agility</h3>\n<p>The development or customization of proprietary solutions depends on the availability and ability of the vendor's development team to solve the problem. </p>\n<p>Since open-source solutions are developed by contributions from various community members, they typically offer multiple ways to solve a problem. Hence, you can get the job done faster using an open-source project. 
</p>\n<h3 id=\"2-cost\" style=\"position:relative;\"><a href=\"#2-cost\" aria-label=\"2 cost permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>2. Cost</h3>\n<p>As community members develop and maintain open-source solutions, they generally cost less than a proprietary solution. </p>\n<h3 id=\"3-scalability\" style=\"position:relative;\"><a href=\"#3-scalability\" aria-label=\"3 scalability permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>3. Scalability</h3>\n<p>You can start small by updating the community versions of the open-source project to meet your business requirements. 
But later, <a href=\"https://www.loginradius.com/blog/identity/handling-scalability-security-loginradius/\">as your business requirements grow</a>, you can leverage commercially supported solutions too.</p>\n<h3 id=\"4-community-engagement\" style=\"position:relative;\"><a href=\"#4-community-engagement\" aria-label=\"4 community engagement permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>4. Community Engagement</h3>\n<p>Open-source projects allow developers to create projects and get a platform to interact with other developers outside their organizations. </p>\n<h2 id=\"disadvantages-of-open-source-software\" style=\"position:relative;\"><a href=\"#disadvantages-of-open-source-software\" aria-label=\"disadvantages of open source software permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Disadvantages of Open-Source Software</h2>\n<p>An open-source project approach can be a great way to collaborate with other talented engineers. 
But when you're building something critical to your business, you need more than a supporting cast of thousands of developers from across the globe. Here are some of the risks observed with open-source software: </p>\n<h3 id=\"1-vulnerabilities-exposure\" style=\"position:relative;\"><a href=\"#1-vulnerabilities-exposure\" aria-label=\"1 vulnerabilities exposure permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>1. Vulnerabilities Exposure</h3>\n<p>Because the source code is available to everyone, cybercriminals can also <a href=\"https://www.loginradius.com/resource/owasp-top-10-web-application-vulnerabilities-list-for-every-developer/\">easily find vulnerabilities</a> in the code. For example, they can extract sensitive information or damage the systems leveraging the open-source software. Here are a few examples of the vulnerabilities found in some common open-source software recently: </p>\n<ul>\n<li>Severe security flaws were found in the open-source identity and access management solution, <strong>Keycloak</strong>, which cybercriminals can exploit to gain access to sensitive information in systems leveraging the platform. </li>\n<li>Certain <a href=\"https://www.cvedetails.com/vulnerability-list/vendor_id-3496/Joomla.html\">XSS and CSRF</a> vulnerabilities that cybercriminals can exploit were found in <strong>Joomla</strong>, an open-source content management solution. 
</li>\n<li>Prior to <span style=\"text-decoration:underline;\"><a href=\"https://www.cvedetails.com/cve/CVE-2021-39165/\">Cachet version 2.5.1</a></span>, authenticated users, regardless of their privileges (User or Admin), can trick Cachet and install the instance again, leading to arbitrary code execution on the server.</li>\n<li>An issue was discovered in <strong>Xen</strong> through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. </li>\n</ul>\n<h3 id=\"2-security\" style=\"position:relative;\"><a href=\"#2-security\" aria-label=\"2 security permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>2. Security</h3>\n<p>Open-source project contributors are generally developers who are not security experts. They contribute to the product primarily to support the functionality and may not consider the security aspects. Hence, the open-source product may pose <a href=\"https://www.loginradius.com/blog/identity/consumer-data-privacy-security/\">security risks</a> that cybercriminals can easily exploit. 
</p>\n<h3 id=\"3-warranty\" style=\"position:relative;\"><a href=\"#3-warranty\" aria-label=\"3 warranty permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>3. Warranty</h3>\n<p>Open-source software does not provide any warranty for its security and support as these products are developed and managed by volunteers.</p>\n<p>The developer community members typically test the software for security issues and provide suggestions/recommendations on the public forums, but they are not liable for faulty guidance.</p>\n<h3 id=\"4-security-audit-process\" style=\"position:relative;\"><a href=\"#4-security-audit-process\" aria-label=\"4 security audit process permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>4. Security Audit Process</h3>\n<p>Open-source project contributions are generally managed by a small team to reduce cost. They may not perform proper testing/QA or have a security auditing process at all due to a lack of expertise or workforce. 
</p>\n<p>The testing team may not be familiar with the open-source change requests or test the code properly by considering crucial aspects. </p>\n<h3 id=\"5-copyright\" style=\"position:relative;\"><a href=\"#5-copyright\" aria-label=\"5 copyright permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>5. Copyright</h3>\n<p>Anonymous developers sometimes develop open-source software. Therefore, it is pretty likely that they may copy from third-party sources without understanding the copyright issues. </p>\n<p>As a result, companies leveraging the particular open-source software can be held responsible for Copyright infringement.</p>\n<p>For example, <a href=\"https://arstechnica.co.uk/tech-policy/2017/10/appeals-court-keeps-alive-the-never-ending-linux-case-sco-v-ibm/\">SCO Group</a> contended IBM stole part of the UnixWare source code and used it for their Project Monterey and sought billions of dollars in damages.</p>\n<h3 id=\"6-operational-insufficiencies\" style=\"position:relative;\"><a href=\"#6-operational-insufficiencies\" aria-label=\"6 operational insufficiencies permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 
1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>6. Operational Insufficiencies</h3>\n<p>Open-source projects can be a lot of effort for an organization. It isn't always clear who will do the work to manage the change requests from the developer community or take care of scope, licensing, and versioning.</p>\n<h3 id=\"7-poor-developer-practices\" style=\"position:relative;\"><a href=\"#7-poor-developer-practices\" aria-label=\"7 poor developer practices permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>7. Poor Developer Practices</h3>\n<p>If hackers are invited to contribute to open-source projects, they can potentially change the code so that it contains malware. 
If the code is not carefully reviewed, it can become part of an open-source project.</p>\n<h2 id=\"the-bottom-line\" style=\"position:relative;\"><a href=\"#the-bottom-line\" aria-label=\"the bottom line permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>The Bottom Line</h2>\n<p>Open-source licenses are not like traditional software licenses (you don't pay for using them). Hence, you cannot expect the software to be constructed with the best security practices, and it may pose potential risks. These risks may include vulnerabilities in the source code, proprietary issues, license violations, etc.</p>\n<p>Experts recommend not leveraging an open-source project where:</p>\n<ul>\n<li>You are handling sensitive personal and operational data, e.g., in the Identity Access Management (IAM) space. </li>\n<li>You are developing proprietary software based on the open-source project. 
</li>\n</ul>\n<p>Enterprises should carefully analyze and assess their suitability while adopting open source and be cautious when implementing the project.</p>\n<p><a href=\"https://www.loginradius.com/book-a-demo/\"><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 768px; \"\n    >\n      <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 30.307692307692307%; position: relative; bottom: 0; left: 0; background-size: cover; display: block;\"\n  ></span>\n  <img\n        class=\"gatsby-resp-image-image\"\n        alt=\"book-a-demo-loginradius\"\n        title=\"book-a-demo-loginradius\"\n        src=\"/static/fcc4c4b5dc38cc4528f99d09480f4eb2/e5715/book-a-demo-loginradius.png\"\n        srcset=\"/static/fcc4c4b5dc38cc4528f99d09480f4eb2/a6d36/book-a-demo-loginradius.png 650w,\n/static/fcc4c4b5dc38cc4528f99d09480f4eb2/e5715/book-a-demo-loginradius.png 768w,\n/static/fcc4c4b5dc38cc4528f99d09480f4eb2/63ff0/book-a-demo-loginradius.png 2887w\"\n        sizes=\"(max-width: 768px) 100vw, 768px\"\n        style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n        loading=\"lazy\"\n      />\n    </span></a></p>","frontmatter":{"title":"Why You Should Use Open Source Project For Your Business","author":{"id":"Jitender Agarwal","github":null,"avatar":null},"date":"November 26, 2021","updated_date":null,"tags":["security"],"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.9230769230769231,"src":"/static/da49f74aa418b24ac69e985d2e6dbb9c/14b42/open-source.jpg","srcSet":"/static/da49f74aa418b24ac69e985d2e6dbb9c/f836f/open-source.jpg 200w,\n/static/da49f74aa418b24ac69e985d2e6dbb9c/2244e/open-source.jpg 400w,\n/static/da49f74aa418b24ac69e985d2e6dbb9c/14b42/open-source.jpg 800w,\n/static/da49f74aa418b24ac69e985d2e6dbb9c/16310/open-source.jpg 1024w","sizes":"(max-width: 800px) 100vw, 800px"}}}},"fields":{"authorId":"Jitender Agarwal","slug":"/identity/pros-cons-open-source-project/"}}},{"node":{"id":"d5524bde-2905-531c-bc66-634eb48e8c4e","html":"<p>Adaptive Authentication (also known as Risk-based Authentication) is a method to send notifications or prompt the consumers to complete an additional step(s) to verify their identities when the authentication request is deemed malicious according to your organization's security policy. It allows users to log in using a username and password without presenting any additional authentication barrier while providing a security layer whenever a malicious attempt is made to access the system. 
</p>\n<h2 id=\"malicious-attempt-factors\" style=\"position:relative;\"><a href=\"#malicious-attempt-factors\" aria-label=\"malicious attempt factors permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Malicious Attempt Factors</h2>\n<p>Adaptive Authentication analyzes the user interaction with your application and intelligently builds a risk profile based on the consumer behavior or your organization's security policy. The system creates a user. You can define the risk factors in one of the following ways:</p>\n<h3 id=\"pre-defined-factors\" style=\"position:relative;\"><a href=\"#pre-defined-factors\" aria-label=\"pre defined factors permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Pre-defined Factors</h3>\n<p>You can define one or more risk factors based on your business requirements: </p>\n<p><strong>User Role:</strong> The employees with higher user roles in the system can perform sensitive actions; hence, you can ask them to perform additional steps to complete the authentication. 
The employees with lower user roles pose a lower security risk and can log in with usernames and passwords for a frictionless user experience.</p>\n<p><strong>Accessing sensitive resource:</strong> You can also ask the employees to perform additional authentication steps when they try to access a sensitive resource like financial statements.</p>\n<p><strong>Perform sensitive actions:</strong> If the employees are trying to perform sensitive actions, like editing or deleting sensitive information, they can be asked to verify their identity with additional steps. </p>\n<p><strong>Location:</strong> The employees are trying to log in to a system using a public network instead of the office network. </p>\n<p><strong>Device:</strong> The employees use their personal laptop instead of a company-issued laptop. </p>\n<h3 id=\"dynamic-factors\" style=\"position:relative;\"><a href=\"#dynamic-factors\" aria-label=\"dynamic factors permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Dynamic Factors</h3>\n<p>Most systems build a risk profile based on a consumer's recent interaction with your applications. The system generally leverages machine learning to create this profile on the fly. Here are the common risk factors: </p>\n<p><strong>Country:</strong> The system can trigger actions and notifications if the consumer logs in from a different country. 
For example, if the consumers travel outside of their country of residence and try to access the system, some financial institutions like credit card companies block the access for the consumers to the system. These companies require you to inform them before leaving the country to whitelist the country for your account in the system. </p>\n<p><strong>City:</strong> If the consumer has logged in from a different city than he usually logs in from, it will trigger Adaptive Authentication. Once the consumer completes the Adaptive Authentication for the new city, the city can be added to the system for future logins without the Adaptive Authentication. </p>\n<p><strong>Device:</strong> If the consumer tries to log in from a new device, the request will be flagged as malicious under the Adaptive Authentication. Once the consumer completes the Adaptive Authentication for the new device, the device can be added to the system for future logins without Adaptive Authentication. </p>\n<p><strong>Browser:</strong> If the consumer was logging in from the Chrome browser and suddenly tries to log in from the Firefox browser, the authentication attempt will be deemed malicious and trigger the Adaptive Authentication. 
Once the consumer completes the Adaptive Authentication step, it will whitelist the browser for future authentication attempts for the consumer account.</p>\n<h3 id=\"combination-of-factors\" style=\"position:relative;\"><a href=\"#combination-of-factors\" aria-label=\"combination of factors permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Combination of Factors</h3>\n<p>You can also combine the Pre-defined factors (as mentioned above) and Dynamic factors to trigger the Adaptive Authentication.</p>\n<h2 id=\"how-does-adaptive-authentication-work\" style=\"position:relative;\"><a href=\"#how-does-adaptive-authentication-work\" aria-label=\"how does adaptive authentication work permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>How does adaptive authentication work?</h2>\n<p>Whenever an authentication request is deemed as a malicious attempt based on the risk factors defined for your application, it can trigger one or more of the following actions  according to your business requirements:</p>\n<p><strong>Email 
Notification:</strong> An email is sent to notify the consumer about the authentication request. If the consumer finds the authentication request malicious, they can inform the company to take appropriate actions. </p>\n<p><strong>SMS Notification:</strong> An SMS is sent to the consumer's phone number to notify the consumer about the authentication request. This has an advantage over email, as the consumer checks SMS more frequently than email and might not have access to email all the time. If the consumer finds the authentication request malicious, they can inform the company to take appropriate actions. </p>\n<p><strong>Multi-Factor Authentication:</strong> The consumer is asked to verify their identity with a second factor of authentication. This factor can be configured in many ways as per your business requirements. Please see my blog on <a href=\"https://www.loginradius.com/blog/engineering/why-mfa-important/\">Multi-factor Authentication</a> for more details.</p>\n<p><strong>Blocking User Access:</strong> The account is blocked immediately for further login attempts once specific risk criteria have been met. The consumer needs to contact the company to unblock the access. 
</p>\n<p><strong>Security Questions:</strong> This forces the consumer to answer one or more security questions before authenticating the request.</p>\n<p><strong>Push authentication:</strong> User authentication is accomplished by delivering a push notification to a secure application on the user's device.</p>\n<p><strong>FIDO U2F tokens:</strong> FIDO U2F tokens allow users to utilise a single device to access any website or online service that supports the FIDO U2F protocol.</p>\n<h2 id=\"benefits-of-adaptive-authentication\" style=\"position:relative;\"><a href=\"#benefits-of-adaptive-authentication\" aria-label=\"benefits of adaptive authentication permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Benefits of Adaptive Authentication</h2>\n<p><a href=\"https://www.loginradius.com/blog/identity/2019/06/what-is-multi-factor-authentication/\">Multifactor authentication</a> creates a longer authentication process for the consumers, which causes lower consumer conversion at your application. Adaptive Authentication triggers only in an elevated-risk situation while keeping the frictionless authentication process in place for normal conditions. </p>\n<p>You can configure actions based on the severity of the risk factors. For example, if the consumer normally logs into your system from Vancouver and they make an authentication request to access the application from Cancun, this is an elevated-risk situation and you might want to block the account instead of sending the notification to the consumer. 
</p>\n<p>Adaptive Authentication is evolving as machine learning can add more risk factors by studying consumer behavior over time. Hence, it provides an updated layer of security against fraudulent attempts. </p>\n<p>Adaptive authentication is getting popular as it provides frictionless authentication for consumers while preventing fraudulent attempts to access the system. </p>\n<p>LoginRadius provides Adaptive Authentication to its customers to assist their businesses. Please see the <a href=\"https://www.loginradius.com/docs/api/v2/admin-console/platform-security/risk-based-auth/\">Risk-Based Authentication</a> document for more information on the LoginRadius Adaptive Authentication. </p>","frontmatter":{"title":"What is Adaptive Authentication or Risk-based Authentication?","author":{"id":"Jitender Agarwal","github":null,"avatar":null},"date":"March 09, 
2021","updated_date":null,"tags":["Adaptive Authentication","Risk-based Authentication"],"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.550387596899225,"src":"/static/cb091325d11a0ecb1aba62586a057ef8/14b42/adaptive-authentication.jpg","srcSet":"/static/cb091325d11a0ecb1aba62586a057ef8/f836f/adaptive-authentication.jpg 200w,\n/static/cb091325d11a0ecb1aba62586a057ef8/2244e/adaptive-authentication.jpg 400w,\n/static/cb091325d11a0ecb1aba62586a057ef8/14b42/adaptive-authentication.jpg 800w,\n/static/cb091325d11a0ecb1aba62586a057ef8/d7a38/adaptive-authentication.jpg 1071w","sizes":"(max-width: 800px) 100vw, 800px"}}}},"fields":{"authorId":"Jitender Agarwal","slug":"/engineering/what-is-adaptive-authentication/"}}},{"node":{"id":"6fe5e0d0-3fbf-5d6f-a8c8-b5135d8383dc","html":"<p>As offices closed in reaction to the Covid-19 pandemic, few of us knew that we would be working from home for months or forever. Many of us are set to continue the trend of working from home for the foreseeable future. With remote working set to become the “new normal” for many, it's important to make sure our systems are safe and secure.</p>\n<p>In today's digital world, consumers are using more and more web and mobile apps to access various services. These apps require the consumer to create accounts with usernames and passwords. This poses the threat of password breaches due to a lack of <a href=\"https://www.loginradius.com/blog/engineering/password-security-best-practices-compliance\">strong passwords</a>, or the use of common passwords or passwords re-used across multiple sites.</p>\n<p>Businesses are looking for ways to protect their digital assets while validating their consumers' identities and at the same time providing a smooth user experience. <a href=\"https://www.loginradius.com/multi-factor-authentication/\">Multi-factor Authentication (MFA)</a> is the simplest and the most effective tool to provide another layer on top of the login credentials.  
After the consumer enters their login credentials, whether via email, phone number, username, or social profile, the consumer verifies their identity to the system with some other independent factor. Hence, it restricts any malicious attempt to access the system or service even if someone gets access to the consumer's password. </p>\n<p>Multi-factor or <a href=\"https://www.loginradius.com/blog/identity/2021/01/how-to-setup-2fa-in-online-accounts/\">Two-factor Authentication</a> verifies the consumer's identity using one of the following factors: </p>\n<ul>\n<li><strong>Knowledge Factor:</strong> Something only the consumer knows, like a PIN. </li>\n<li><strong>Possession Factor:</strong> Something only the consumer has, like a USB containing an encrypted security key, Google Authenticator app, etc. </li>\n<li><strong>Inherence Factor:</strong> Something only the consumer is, like fingerprints, facial or eye scan, etc.</li>\n<li><strong>Location Factor:</strong> Authentication is restricted to registered devices or geographic location derived from the Internet Protocol (IP) address used for an authentication request.</li>\n<li><strong>Time factor:</strong> This limits the user authentication to a specific time frame in which access to the system is permitted and prohibits access to the system outside of the timeframe.</li>\n</ul>\n<p>There are several MFA authentication methods available leveraging the above authentication factors to protect the consumer account. 
Businesses can use one or all of the following MFA authentication methods as per their business requirements.</p>\n<h2 id=\"knowledge-factor\" style=\"position:relative;\"><a href=\"#knowledge-factor\" aria-label=\"knowledge factor permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Knowledge Factor</h2>\n<h3 id=\"pin-authentication\" style=\"position:relative;\"><a href=\"#pin-authentication\" aria-label=\"pin authentication permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>PIN Authentication:</h3>\n<p>The PIN Authentication feature allows the consumer to set a PIN in addition to the password during registration. After the consumer enters their login credentials, the consumer will be asked to enter the PIN set at the time of registration. This is generally used in devices with physical interfaces like smartphones or PIN pad on the doors. 
Check our <a href=\"https://www.loginradius.com/docs/api/v2/customer-identity-api/pin-authentication/overview/#pin-authentication-overview\">LoginRadius PIN Authentication method</a> to know more.</p>\n<p><strong>Pros:</strong> It is easy for consumers to remember and enter the four-digit PIN into the application, eliminating the need to have a device to complete the MFA. </p>\n<p><strong>Cons:</strong> Brute forcing the PIN is easier than a password as the PIN is generally a 4-digit number.</p>\n<h3 id=\"security-questions\" style=\"position:relative;\"><a href=\"#security-questions\" aria-label=\"security questions permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Security Questions:</h3>\n<p>The consumers are asked to answer some security questions at the time of registration. The security questions should be such that the answers are easy for the consumers to remember, hard for someone else to guess, and consistent over time. The same security question(s) can be asked as a second factor of authentication to verify the consumer identity. This is used in web applications as you can type security answers quickly on the computer. LoginRadius allows its customers to configure security questions for authentication. 
Please see the <a href=\"https://www.loginradius.com/docs/api/v2/customer-identity-api/security-question-api-usage/#security-question-api-overview\">LoginRadius Security Question Overview</a> document for more details.</p>\n<p><strong>Pros:</strong> You can easily set up the security questions as most of the services allow you to select the questions from a series of predefined questions. It does not require any additional hardware device. </p>\n<p><strong>Cons:</strong> Other people can find out the answers from your social profiles or use social engineering, like phishing emails or phone calls. If they know you, they can also guess the answers to the security questions, e.g., your favorite color, etc. You need to memorize responses for the security questions if you have set the fictitious responses so that nobody can guess or find out. </p>\n<h2 id=\"possession-factor\" style=\"position:relative;\"><a href=\"#possession-factor\" aria-label=\"possession factor permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Possession Factor</h2>\n<h3 id=\"text-message-sms-authentication\" style=\"position:relative;\"><a href=\"#text-message-sms-authentication\" aria-label=\"text message sms authentication permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 
4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Text Message (SMS) Authentication:</h3>\n<p>After the consumers enter their login credentials, they receive an instant text message with a unique authentication code. The consumers are required to enter the code into the application to get access to their accounts. Visit <a href=\"https://www.loginradius.com/docs/api/v2/customer-identity-api/multi-factor-authentication/overview/#smsworkflow0\">LoginRadius SMS authentication</a> to know more.</p>\n<p><strong>Pros:</strong> MFA via SMS code is the most popular method due to its low cost and easy setup. It is also fast as the text arrives almost instantly. </p>\n<p><strong>Cons:</strong> The code is sent over the telecom network and hence poses the risk of SMS messages being intercepted or redirected. In this case, the consumer will still get the code and can report it to the business if they were not the one who tried to log in to the application. If you have misplaced the device or don't have it nearby, or the device has run out of battery, you can't log in to the application. 
Some disreputable services can use your phone number for marketing and sales purposes.</p>\n<h3 id=\"phone-call\" style=\"position:relative;\"><a href=\"#phone-call\" aria-label=\"phone call permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Phone Call:</h3>\n<p>Consumers receive the code over a phone call instead of receiving the text message. </p>\n<p><strong>Pros:</strong> You can receive the call on your cell phones as well as on your landline phones.</p>\n<p><strong>Cons:</strong> It requires phone network connectivity to receive the call.  </p>\n<h3 id=\"email-authentication\" style=\"position:relative;\"><a href=\"#email-authentication\" aria-label=\"email authentication permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Email Authentication:</h3>\n<p>Like SMS Authentication, once the consumer enters their login credentials, they receive a unique code in the email. Enter the code to complete the authentication process. 
</p>\n<p><strong>Pros:</strong> You can access the code on any device, hence removing the need to have a mobile phone nearby. </p>\n<p><strong>Cons:</strong> You should avoid logging into your email account on public computers or while you're connected to an unsecured Wi-Fi hotspot.</p>\n<h3 id=\"push-based-authentication\" style=\"position:relative;\"><a href=\"#push-based-authentication\" aria-label=\"push based authentication permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Push-based Authentication:</h3>\n<p>Instead of sending a code, a push notification is sent directly to a secure application on the user's device, e.g., a mobile phone, asking them to confirm an authentication attempt made from another device. The consumer can approve or deny access by pressing a button on the device. </p>\n<p><strong>Pros:</strong> It provides a better user experience as the consumer does not need to type the code.</p>\n<p><strong>Cons:</strong> The push notifications can be compromised if the device is lost, stolen, or someone gets access to the device. Your phone should have access to the internet to complete the push notification. If you are logging in from multiple devices or multiple times, you will get many notifications. 
Hence, you might ignore the authentication information like IP address, location, etc., in the push and approve it without thinking, which can grant access to a malicious person.</p>\n<h3 id=\"authenticator-app\" style=\"position:relative;\"><a href=\"#authenticator-app\" aria-label=\"authenticator app permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Authenticator App:</h3>\n<p>This requires the consumer to install an authenticator app, e.g., Google Authenticator, on their mobile devices. During registration, the consumers will scan a QR code from the website with the app. The app will auto-generate a Time-Based One Time Password (TOTP) that the consumer will have to enter after they've provided their login credentials.  LoginRadius supports MFA via an authenticator app, e.g., <a href=\"https://www.loginradius.com/docs/api/v2/customer-identity-api/multi-factor-authentication/overview/#googleauthenticatorworkflow4\">Google authenticator</a>.</p>\n<p><strong>Pros:</strong> It gives an advantage over SMS Authentication as the code is not sent over the telecom network, but the device is required to be connected to the internet. You can scan the QR code with multiple devices to avoid getting locked out.</p>\n<p><strong>Cons:</strong> The authenticator app generates the code with a very short validity, which results in entering invalid codes into your service. Some malware can steal MFA code directly from the authenticator app. 
</p>\n<h3 id=\"u2f-fido-authentication\" style=\"position:relative;\"><a href=\"#u2f-fido-authentication\" aria-label=\"u2f fido authentication permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>U2F FIDO Authentication:</h3>\n<p>U2F is an open authentication standard that leverages encrypted security keys to verify the identity.  The consumer needs to plug in a physical security device carrying encrypted security keys into a USB port after submitting their login credentials.  </p>\n<p><strong>Pros:</strong> This is one of the most secure MFA authentication methods as the device works with the registered site only and can't be digitally intercepted or redirected. Also, the devices don't store any personal information. The consumers can't be authenticated without the physical device. </p>\n<p><strong>Cons:</strong> U2F keys require a USB port to plug in the device, making this an untenable solution for mobile devices or devices without USB ports. There is also a cost involved in purchasing these physical devices. Employees mostly use this within an enterprise as they are required to carry the physical device for login. </p>\n<p><strong>Note:</strong> The consumers are mostly provided a set of backup codes to complete the second factor in the event of the device being lost, stolen, or not being accessible. It is recommended to keep these backup codes securely. 
</p>\n<h2 id=\"inherence-factor\" style=\"position:relative;\"><a href=\"#inherence-factor\" aria-label=\"inherence factor permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Inherence Factor</h2>\n<h3 id=\"biometric-verification\" style=\"position:relative;\"><a href=\"#biometric-verification\" aria-label=\"biometric verification permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Biometric Verification:</h3>\n<p>The consumer verifies the device's identity using Biometric factors like a Fingerprint, Eye scan, Facial recognition, or Voice recognition on the device. This is mostly used in mobile applications for authenticating the consumers on smartphones with biometric verification capability.</p>\n<p>LoginRadius supports various forms of biometric authentication e.g. <a href=\"https://www.loginradius.com/docs/libraries/mobile-sdk-libraries/ios-library/#touchid10\">TouchID</a>. 
You can leverage any third-party biometric services to provide secondary forms of authentication to consumers.</p>\n<p><strong>Pros:</strong> It is complicated to hack biometrics. </p>\n<p><strong>Cons:</strong> You can only log in to the devices with biometric verification capabilities. The registered services can misuse your biometrics. Once your biometrics are hacked, you cannot use them for any applications in the future. </p>\n<h2 id=\"location-factor\" style=\"position:relative;\"><a href=\"#location-factor\" aria-label=\"location factor permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Location factor</h2>\n<h3 id=\"location-based-authentication\" style=\"position:relative;\"><a href=\"#location-based-authentication\" aria-label=\"location based authentication permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Location-based Authentication:</h3>\n<p>When the consumer tries to log in to a device, the device location is derived from its IP address or GPS. 
If the device's location is listed as allowable in the system, access to the system is granted. LoginRadius supports triggering actions based on the stored city, browser, or device. Please see the <a href=\"https://www.loginradius.com/docs/api/v2/admin-console/platform-security/risk-based-auth/\">LoginRadius Risk Based Authentication</a> document for more information.</p>\n<p><strong>Pros:</strong> This provides the best user experience as it does not require additional devices or steps to complete MFA. </p>\n<p><strong>Cons:</strong> You can only log in from specific locations or devices. </p>\n<p>You can leverage any Multi-factor Authentication method to improve security over the traditional username and password authentication. But none of the MFA methods is 100% foolproof, and none should be used as a single factor of account protection. Also, MFA makes the login process longer for the consumer. Hence, the choice of any one or a combination of MFA methods depends on your business requirements around security and user experience. Here are some recommendations:</p>\n<ul>\n<li>U2F keys provide the best security layer, especially for remote users, allowing them to access the system securely while outside the company network. If the U2F keys are compromised, you can order a new device to update it.</li>\n<li>Most consumers carry cell phones these days; hence, SMS authentication provides the best user experience as they don't have to install any software or memorize answers. </li>\n<li>Time-Based One Time Password (TOTP) via authenticator app provides better security than SMS authentication but requires the consumer to install the software. 
It falls between U2F and SMS authentication for convenience and security purposes.</li>\n</ul>","frontmatter":{"title":"The Importance of Multi-Factor Authentication (MFA)","author":{"id":"Jitender Agarwal","github":null,"avatar":null},"date":"February 11, 2021","updated_date":null,"tags":["MFA","2FA","PIN Auth","Push-based Auth"],"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.7857142857142858,"src":"/static/1033ec0b892431ebb9d093f4c150f4c2/14b42/multifactor-authentication.jpg","srcSet":"/static/1033ec0b892431ebb9d093f4c150f4c2/f836f/multifactor-authentication.jpg 200w,\n/static/1033ec0b892431ebb9d093f4c150f4c2/2244e/multifactor-authentication.jpg 400w,\n/static/1033ec0b892431ebb9d093f4c150f4c2/14b42/multifactor-authentication.jpg 800w,\n/static/1033ec0b892431ebb9d093f4c150f4c2/47498/multifactor-authentication.jpg 
1200w,\n/static/1033ec0b892431ebb9d093f4c150f4c2/37d86/multifactor-authentication.jpg 1500w","sizes":"(max-width: 800px) 100vw, 800px"}}}},"fields":{"authorId":"Jitender Agarwal","slug":"/engineering/why-mfa-important/"}}},{"node":{"id":"d51ec7b3-57d9-5073-9da1-22a1278863af","html":"<p>E-commerce is growing day by day as it saves people the time and cost of traveling to meet or do business in person. More people are conducting business online by creating accounts using email or phone verification. This has made it a challenge for everyone to verify that people online are who they claim to be. Online hackers have used false identities to deceive or defraud others. Hence, Electronic Identity (eID) provides a way for businesses to verify a person's identity online and reduce the chances of identity fraud.</p>\n<h2 id=\"what-is-an-electronic-identity\" style=\"position:relative;\"><a href=\"#what-is-an-electronic-identity\" aria-label=\"what is an electronic identity permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>What is an electronic identity?</h2>\n<p>Electronic identity is an electronic card or device with a unique identity number issued by either a government agency or some banks. A consumer needs to go to the government agency or one of these banks and show valid identity documents. After the document verification, an Electronic Identity is issued to the consumer. 
Examples of eIDs are Danish NemID, Swedish BankID, and Dutch DigiD.</p>\n<p>Most service providers, such as financial institutions and insurance firms, provide services online and are recognizing an opportunity in implementing eID due to strict Know Your Customer (KYC) and Anti-Money Laundering (AML) requirements.</p>\n<p>eIDs are used to authenticate consumers online across multiple platforms and services. eIDs also allow consumers to sign documents online, and companies can trust the signature as the electronic identity is issued by the government or banks based on physical identity documents. This is fast, convenient, and secure for consumers as they are saved from completing registration forms for multiple services. Hence, this increases conversion for businesses. </p>\n<h2 id=\"integrating-eid-authentication-with-loginradius\" style=\"position:relative;\"><a href=\"#integrating-eid-authentication-with-loginradius\" aria-label=\"integrating eid authentication with loginradius permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Integrating eID authentication with LoginRadius</h2>\n<p>LoginRadius supports all the major industry federated SSO methods. Hence, you can integrate eID authentication with LoginRadius using a third-party application like Criipto, which supports the industry-standard SSO methods. Criipto allows the integration of an eID with the LoginRadius application using the JWT SSO login flow.  
JSON Web Token (JWT) is a signed token that securely transfers information from one service to another. </p>\n<h3 id=\"prerequisite\" style=\"position:relative;\"><a href=\"#prerequisite\" aria-label=\"prerequisite permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Prerequisite</h3>\n<ul>\n<li>A Criipto account (you can create a free trial account)</li>\n<li>A LoginRadius application </li>\n<li>One of the desired electronic IDs</li>\n</ul>\n<h3 id=\"register-your-loginradius-app-in-your-criipto-account\" style=\"position:relative;\"><a href=\"#register-your-loginradius-app-in-your-criipto-account\" aria-label=\"register your loginradius app in your criipto account permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Register your LoginRadius app in your Criipto account</h3>\n<hr>\n<p>Please see the following steps to register your LoginRadius app in your Criipto account.</p>\n<ol>\n<li>Log in to your <a href=\"https://manage.criipto.id/login\">Criipto account</a>.</li>\n<li>Click the + sign to add an application under 
the Applications tab.</li>\n<li>\n<p>Add the following information:\n<span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 768px; \"\n    >\n      <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 62.46153846153847%; position: relative; bottom: 0; left: 0; background-image: url('data:image/jpeg;base64,/9j/2wBDABALDA4MChAODQ4SERATGCgaGBYWGDEjJR0oOjM9PDkzODdASFxOQERXRTc4UG1RV19iZ2hnPk1xeXBkeFxlZ2P/2wBDARESEhgVGC8aGi9jQjhCY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2P/wgARCAAMABQDASIAAhEBAxEB/8QAFwABAQEBAAAAAAAAAAAAAAAAAAIBBf/EABUBAQEAAAAAAAAAAAAAAAAAAAAB/9oADAMBAAIQAxAAAAHt7SJUX//EABQQAQAAAAAAAAAAAAAAAAAAACD/2gAIAQEAAQUCX//EABQRAQAAAAAAAAAAAAAAAAAAABD/2gAIAQMBAT8BP//EABQRAQAAAAAAAAAAAAAAAAAAABD/2gAIAQIBAT8BP//EABQQAQAAAAAAAAAAAAAAAAAAACD/2gAIAQEABj8CX//EABkQAAIDAQAAAAAAAAAAAAAAABFhAAEQof/aAAgBAQABPyGrfYX2F4c//9oADAMBAAIAAwAAABDcL//EABQRAQAAAAAAAAAAAAAAAAAAABD/2gAIAQMBAT8QP//EABQRAQAAAAAAAAAAAAAAAAAAABD/2gAIAQIBAT8QP//EABkQAQEAAwEAAAAAAAAAAAAAAAEAEWHxcf/aAAgBAQABPxAeth0kdNnReCXRf//Z'); background-size: cover; display: block;\"\n  ></span>\n  <img\n        class=\"gatsby-resp-image-image\"\n        alt=\"criipto config\"\n        title=\"criipto config\"\n        src=\"/static/54a2d284bfc4aaada0415d0e698660ef/212bf/criipto-config1.jpg\"\n        srcset=\"/static/54a2d284bfc4aaada0415d0e698660ef/6aca1/criipto-config1.jpg 650w,\n/static/54a2d284bfc4aaada0415d0e698660ef/212bf/criipto-config1.jpg 768w,\n/static/54a2d284bfc4aaada0415d0e698660ef/72e01/criipto-config1.jpg 1024w\"\n        sizes=\"(max-width: 768px) 100vw, 768px\"\n        style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n        loading=\"lazy\"\n      />\n    </span></p>\n<ul>\n<li>Name: Enter a name to identify your app in the Criipto.</li>\n<li>Domain: choose an available domain</li>\n<li>Callback URLs: Enter 
https://<LR appname>.hub.loginradius.com/access/jwt\n<span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 768px; \"\n    >\n      <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 120.15384615384615%; position: relative; bottom: 0; left: 0; background-image: url('data:image/jpeg;base64,/9j/2wBDABALDA4MChAODQ4SERATGCgaGBYWGDEjJR0oOjM9PDkzODdASFxOQERXRTc4UG1RV19iZ2hnPk1xeXBkeFxlZ2P/2wBDARESEhgVGC8aGi9jQjhCY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2P/wgARCAAYABQDASIAAhEBAxEB/8QAGAABAAMBAAAAAAAAAAAAAAAAAAECAwX/xAAWAQEBAQAAAAAAAAAAAAAAAAAAAQL/2gAMAwEAAhADEAAAAezNbTRArqXOYP/EABkQAAIDAQAAAAAAAAAAAAAAAAECAAMgIf/aAAgBAQABBQLQTsNasf/EABQRAQAAAAAAAAAAAAAAAAAAACD/2gAIAQMBAT8BH//EABQRAQAAAAAAAAAAAAAAAAAAACD/2gAIAQIBAT8BH//EABoQAAICAwAAAAAAAAAAAAAAAAECABEQEiD/2gAIAQEABj8C6vdsWVBn/8QAHBAAAgICAwAAAAAAAAAAAAAAAAEhURARMUFh/9oACAEBAAE/Ie8842rGKZ8bgm2boi2j/9oADAMBAAIAAwAAABAoJ0H/xAAUEQEAAAAAAAAAAAAAAAAAAAAg/9oACAEDAQE/EB//xAAUEQEAAAAAAAAAAAAAAAAAAAAg/9oACAECAQE/EB//xAAaEAEBAAMBAQAAAAAAAAAAAAABEQAQIVFh/9oACAEBAAE/EEB8DYqvW+kdIMQP1w9wmwqyYeebka5//9k='); background-size: cover; display: block;\"\n  ></span>\n  <img\n        class=\"gatsby-resp-image-image\"\n        alt=\"criipto config\"\n        title=\"criipto config\"\n        src=\"/static/67d7009ed230b473075629b92f993a4d/212bf/criipto-config2.jpg\"\n        srcset=\"/static/67d7009ed230b473075629b92f993a4d/6aca1/criipto-config2.jpg 650w,\n/static/67d7009ed230b473075629b92f993a4d/212bf/criipto-config2.jpg 768w,\n/static/67d7009ed230b473075629b92f993a4d/dfe5d/criipto-config2.jpg 821w\"\n        sizes=\"(max-width: 768px) 100vw, 768px\"\n        style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n        loading=\"lazy\"\n      />\n    </span></li>\n<li>Enable the desired eIDs</li>\n<li>Enable the <strong>Enable OAuth2 Code Flow</strong> 
under <strong>OpenID Connect</strong></li>\n<li>Click the Re-generate client secret button to generate a client secret. </li>\n<li>Select <strong>SignedJwt</strong> under <strong>User info response strategy</strong> </li>\n<li>Select <strong>compact</strong> under <strong>JWT property format</strong></li>\n<li>Enter the desired token time in <strong>Token lifetime</strong> under <strong>Advanced Options</strong>.</li>\n</ul>\n</li>\n<li>Click the <strong>save</strong> button.</li>\n</ol>\n<h3 id=\"configure-the-criipto-settings-in-the-loginradius\" style=\"position:relative;\"><a href=\"#configure-the-criipto-settings-in-the-loginradius\" aria-label=\"configure the criipto settings in the loginradius permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Configure the Criipto settings in LoginRadius</h3>\n<ol>\n<li>Log in to the <a href=\"https://adminconsole.loginradius.com/\">Admin Console</a></li>\n<li>Navigate to Platform Configuration > Authentication Configuration > Custom IDPs > JWT Provider\n<span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 768px; \"\n    >\n      <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 36.30769230769231%; position: relative; bottom: 0; left: 0; background-image: 
url('data:image/jpeg;base64,/9j/2wBDABALDA4MChAODQ4SERATGCgaGBYWGDEjJR0oOjM9PDkzODdASFxOQERXRTc4UG1RV19iZ2hnPk1xeXBkeFxlZ2P/2wBDARESEhgVGC8aGi9jQjhCY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2P/wgARCAAHABQDASIAAhEBAxEB/8QAFwABAAMAAAAAAAAAAAAAAAAAAAEDBf/EABQBAQAAAAAAAAAAAAAAAAAAAAD/2gAMAwEAAhADEAAAAdm0JB//xAAYEAACAwAAAAAAAAAAAAAAAAAAAQIQEf/aAAgBAQABBQLJCr//xAAUEQEAAAAAAAAAAAAAAAAAAAAQ/9oACAEDAQE/AT//xAAUEQEAAAAAAAAAAAAAAAAAAAAQ/9oACAECAQE/AT//xAAWEAADAAAAAAAAAAAAAAAAAAABEEH/2gAIAQEABj8Chf8A/8QAGhABAAEFAAAAAAAAAAAAAAAAAREAECExQf/aAAgBAQABPyEBZQ4BFaZIt//aAAwDAQACAAMAAAAQg8//xAAUEQEAAAAAAAAAAAAAAAAAAAAQ/9oACAEDAQE/ED//xAAUEQEAAAAAAAAAAAAAAAAAAAAQ/9oACAECAQE/ED//xAAaEAEAAgMBAAAAAAAAAAAAAAABACERQVGR/9oACAEBAAE/EGjtjerApUWyqmCf/9k='); background-size: cover; display: block;\"\n  ></span>\n  <img\n        class=\"gatsby-resp-image-image\"\n        alt=\"JWT config\"\n        title=\"JWT config\"\n        src=\"/static/651ade97fce5160ea1a000fea842ab05/212bf/LR-JWT-Config1.jpg\"\n        srcset=\"/static/651ade97fce5160ea1a000fea842ab05/6aca1/LR-JWT-Config1.jpg 650w,\n/static/651ade97fce5160ea1a000fea842ab05/212bf/LR-JWT-Config1.jpg 768w,\n/static/651ade97fce5160ea1a000fea842ab05/ba7ed/LR-JWT-Config1.jpg 1311w\"\n        sizes=\"(max-width: 768px) 100vw, 768px\"\n        style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n        loading=\"lazy\"\n      />\n    </span></li>\n<li>Click <strong>+ Add A New Provider</strong> button highlighted on the above screen, and the following JWT configuration form fields will appear:\n<span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 768px; \"\n    >\n      <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 158.92307692307693%; position: relative; bottom: 0; left: 0; background-image: 
url('data:image/jpeg;base64,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'); background-size: cover; display: block;\"\n  ></span>\n  <img\n        class=\"gatsby-resp-image-image\"\n        alt=\"JWT config\"\n        title=\"JWT config\"\n        src=\"/static/af806f05678e429e41766c806defa146/212bf/LR-JWT-Config2.jpg\"\n        srcset=\"/static/af806f05678e429e41766c806defa146/6aca1/LR-JWT-Config2.jpg 650w,\n/static/af806f05678e429e41766c806defa146/212bf/LR-JWT-Config2.jpg 768w,\n/static/af806f05678e429e41766c806defa146/c293a/LR-JWT-Config2.jpg 1232w\"\n        sizes=\"(max-width: 768px) 100vw, 768px\"\n        style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n        loading=\"lazy\"\n      />\n    </span></li>\n<li>\n<p>Complete the following details in the JWT provider</p>\n<ul>\n<li>Enter a unique name under the <strong>Provider Name</strong>. This name will be displayed under the social login forms in the LoginRadius IDX page and on the social login form rendered by LoginRadius V2.js library on your application if the Include In Social Schema is selected while configuring the JWT app.</li>\n<li>Select RS256 under the JWT signing <strong>Algorithm</strong> used by your application ( the selected algorithm is used in encrypting your consumers' information in the JWT).</li>\n<li>Enter the JWT secret or certificate (depending on the chosen algorithm) in the <strong>Key</strong> text box.</li>\n<li>Clock Skew(Optional): Enter 0</li>\n<li>Expiration Time Difference (Optional): Enter 0</li>\n<li>Token Query Parameter Name (Optional): Enter id_token</li>\n<li>\n<p>Data Mapping:</p>\n<ul>\n<li>Select Field(Dropdown): Select the LoginRadius field ID field</li>\n<li>Profile Key: Enter the user identifier field name from the JWT ( please see <a href=\"https://docs.criipto.com/getting-started/token-contents/\">Token contents</a> for the JWT payload returned by an eID)</li>\n</ul>\n</li>\n<li>Enable Include In Social 
Schema</li>\n</ul>\n</li>\n<li>Click the <strong>Add</strong> button </li>\n</ol>\n<style class=\"grvsc-styles\">\n  .grvsc-container {\n    overflow: auto;\n    -webkit-overflow-scrolling: touch;\n    padding-top: 1rem;\n    padding-top: var(--grvsc-padding-top, var(--grvsc-padding-v, 1rem));\n    padding-bottom: 1rem;\n    padding-bottom: var(--grvsc-padding-bottom, var(--grvsc-padding-v, 1rem));\n    border-radius: 8px;\n    border-radius: var(--grvsc-border-radius, 8px);\n    font-feature-settings: normal;\n  }\n  \n  .grvsc-code {\n    display: inline-block;\n    min-width: 100%;\n  }\n  \n  .grvsc-line {\n    display: inline-block;\n    box-sizing: border-box;\n    width: 100%;\n    padding-left: 1.5rem;\n    padding-left: var(--grvsc-padding-left, var(--grvsc-padding-h, 1.5rem));\n    padding-right: 1.5rem;\n    padding-right: var(--grvsc-padding-right, var(--grvsc-padding-h, 1.5rem));\n  }\n  \n  .grvsc-line-highlighted {\n    background-color: var(--grvsc-line-highlighted-background-color, transparent);\n    box-shadow: inset var(--grvsc-line-highlighted-border-width, 4px) 0 0 0 var(--grvsc-line-highlighted-border-color, transparent);\n  }\n  \n</style>","frontmatter":{"title":"Integration with electronic identity (eID) ","author":{"id":"Jitender Agarwal","github":null,"avatar":null},"date":"January 29, 2021","updated_date":null,"tags":["Electronic Identity","Bank ID","Criipto","LoginRadius"],"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/850aa1fb0d4aa358f92b28928f83052b/1d671/Integration_with_eID.jpg","srcSet":"/static/850aa1fb0d4aa358f92b28928f83052b/f836f/Integration_with_eID.jpg 200w,\n/static/850aa1fb0d4aa358f92b28928f83052b/2244e/Integration_with_eID.jpg 400w,\n/static/850aa1fb0d4aa358f92b28928f83052b/1d671/Integration_with_eID.jpg 680w","sizes":"(max-width: 680px) 100vw, 680px"}}}},"fields":{"authorId":"Jitender 
Agarwal","slug":"/engineering/electronic-identity-integration/"}}}]},"authorYaml":{"id":"Jitender Agarwal","bio":"Jitender Agarwal is the Implementation Engineering Manager at LoginRadius. He’s responsible for our day-to-day operations, working with internal and external customers, and SaaS-based implementation projects for customers.","github":null,"stackoverflow":null,"linkedin":"jitender-agarwal-a5023820","medium":null,"twitter":null,"avatar":null}},"pageContext":{"id":"Jitender Agarwal","__params":{"id":"jitender-agarwal"}}},"staticQueryHashes":["1171199041","1384082988","2100481360","23180105","528864852"]}