Onegini introduced Multi-Factor Authentication at the Liferay Developer event. It was great to see the community embracing a solution like this. In this post we combined an FAQ, the full presentation and the slides in case you missed it. Hope you enjoy it as much as we did.
Passwords must disappear. That's what security advocates say. Just like credit cards, fridges that are not connected to the supermarket and doors that lock with a key? In reality, banks that put little effort into security get hacked and consumers don't really care. We run companies with the same consumer mindset. Security is a checkbox, not a critical part of your company. We just blame someone when it goes wrong and eat the costs.
In this blogpost you'll learn why that's a mistake in 2017. You'll see why passwords are not like fridges connected to the supermarket, but more like cassette tapes that are a waste of your time. You can write a blogpost on cassette nostalgia but we all know there are lots of better options to choose from: from Spotify to Apple Music to CD players. I'll review the best alternatives to passwords, so you can be the first to write a blogpost on password nostalgia.
The process of buying things online is a delicate one, whether you're selling shoes, insurance and/or services. Any additional step or roadblock will cost you buyers. Login - no matter how easy - is such a step. When I enter a store I don't have to show my ID. There should be no need to log in online when you want to buy things. Right? Let's do a thought experiment and check the requirements. I'll give you a little teaser: it's not as easy as it sounds...
The insurance industry is shifting focus towards prevention and insights. This means developing valuable relationships with your customers while saving money on claims. According to Bain research, a 5% increase in customer retention will increase profits by more than 25%!
However, many insurers have a paper-only relationship with most of their millions of customers. Before you can start to improve the relationship with your customers, you need to get them online.
Six tips for seamless and secure onboarding!
Buy a pair of shoes. Get the extras on your car insurance. How many online transactions do you do in a week? Do you ever wonder what would happen if the other party said: "You also bought this and this"? Where is the proof you didn't? Companies have the same problem the other way around. How can they prove you did the transaction? What if you just said: "it wasn't me"? It's a trust economy. Once the trust is broken, the transactions stop.
Start using your customer's mobile device for a signature. Fast, traceable and secure. Maybe you need a PIN code on top. Or maybe a QR code scan or fingerprint? Enter transaction signing in the Onegini MSP 3.1. I'll explain the technical details, the options you can use to configure it, and how it works functionally. Traceable. No man in the middle. No hard thinking. At the heart of it all lies a user's private key and a lot of cryptography and legislation you don't have to worry about.
Your browser knows a trick to prevent hackers from accessing your APIs using your session: the same-origin policy. It makes sure your APIs can't be accessed by malicious websites. Let's say you're logged in on facebook.com and open another tab in your browser and access myhackedsite.com. Your browser shares sessions between tabs, so without the same-origin policy, myhackedsite.com could access all the APIs from your Facebook account using your session. Thank you, same-origin policy, for not letting myhackedsite.com post all kinds of weird things on my Facebook timeline.
Apigee, a Google Cloud Platform company, and Onegini will cover security at the API level and at the mobile level to help you understand what to look for when opening up your data to the outside world and achieve real end-to-end security.
In this blog I would like to explain that an enterprise mobility management (EMM) solution does not work for consumer apps. Consumer apps are different because you cannot control the device. Instead of focusing on device security, you need to focus on app security. You do not have any control over the device, so the security needs to be more advanced, layered and end-to-end to protect your data.