
Data breach of largest Identity Management Vendor brings encryption methods into focus

You may or may not be aware that the world’s largest Identity Management vendor suffered a data breach which made the news because of the number of their customers affected.

We wanted to take this opportunity to reassure you that due to the way in which My1Login is architected, your data is not exposed to the same level of risk.

With cloud-based Identity & Access Management there are two distinct encryption architectures. The more secure one is where the IAM vendor never holds its customers’ encryption keys: authentication data (for example usernames and passwords) is encrypted inside the customer’s environment, and only the encrypted output of that process is stored with the vendor. Because the vendor cannot decrypt this data, anything an attacker takes from the vendor’s servers is useless without the corresponding keys.

The more common, and less secure, architecture is where the IAM vendor holds its customers’ encryption keys and performs the encryption on its own servers. Plaintext authentication data passes through the vendor’s environment and the keys that protect it at rest live there too, so a breach of the vendor carries the greatest risk of exposing customers’ credentials to a malicious actor.

Which of these two architectures an IAM vendor uses is an important question to ask, whether you already have a solution in place or are evaluating one.
