1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Is it time for Identity as a Service?

Discussion in 'CSO' started by RSS, Nov 9, 2015.

  1. RSS

    RSS New Member Member

    From Target to TalkTalk to whoever gets breached next week, the litany of companies that have lost customer data should be making businesses rethink not just how they protect customer information and accounts, but whether they want to be running customer and consumer identity services themselves.

    Despite the fact that attacks are routine, user identity details are often poorly protected. A quick glance at Stack Exchange reveals a worrying number of developers who don’t know how to handle encryption or store usernames and passwords securely. Many companies have support practices that put customer data at risk, from technical mistakes like cross-site scripting vulnerabilities or serving login pages insecurely, to poor architectural decisions like blocking password managers or handling password resets badly, including emailing plain text passwords. The Plain Text Offenders site and security expert Troy Hunt both collect examples, many of them from household names.

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page