You’ve likely heard about systems being compromised, allowing malicious actors to obtain usernames, passwords, and other sensitive data. For example, all 3 billion Yahoo user accounts were compromised in a 2013 breach (disclosed in 2016 and 2017), and the stolen data included hashed passwords for the vast majority of them. Sensitive information for about 150 million users of Under Armour’s MyFitnessPal application was exposed in 2018, including usernames, email addresses, and hashed passwords.

This blog post briefly explains how the authentication technology we use keeps your password from being exposed by a breach of our systems: our servers never receive your password, so they have nothing to lose.

The very first step of logging into your Ondema Workspace is to change your password. When you create a new password, software running in your browser combines it with a random salt and derives a cryptographic value called a verifier. Only the salt and the verifier are sent to our server and stored there. The verifier is a one-way value (turning it back into the password would mean solving a discrete logarithm), and we never receive the actual password you select.

When you log into your Workspace, your browser and our authentication service run the Secure Remote Password (SRP) protocol. What this means is that:

  1. When you type your password into the browser, the browser combines it with the stored salt and a fresh random value to perform a cryptographic calculation. The result of this calculation, a proof that you know the password, is shared with Ondema’s authentication service without sending the actual password.
  2. The authentication service checks that proof against the verifier mentioned above and a fresh random value of its own. If they agree, it knows you typed the correct password, and both sides end up with the same session key. Your password is checked without ever leaving your browser.
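
The exchange described above, written out end to end as an added example (this is not code from Ondema or from Cognito’s client library): one Python script plays both the browser and the authentication service, using SRP-6a as specified in RFC 5054 with SHA-256 and the RFC’s 1024-bit group. The username, password, salt length and the proof formulas M1 = H(A | B | K) and M2 = H(A | M1 | K) are choices made for this demonstration; Cognito’s SDKs use a larger 3072-bit group and their own proof construction, so this illustrates the protocol, not Cognito’s wire format.

```python
"""Minimal SRP-6a exchange: registration stores a verifier, login proves
knowledge of the password without ever transmitting it."""
import hashlib
import secrets
from typing import Optional, Tuple

# 1024-bit group from RFC 5054 Appendix A (transcribed here; confirm against the
# RFC before reuse). Real deployments use larger groups; this keeps the demo fast.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E860726187"
    "75FF3C0B9EA2314C9C256576D674DF7496EA81D3"
    "383B4813D692C6E0E0D5D8E250B98BE48E495C1D"
    "6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D49"
    "82559B297BCF1885C529F566660E57EC68EDBC3C"
    "05726CC02FD4CBF4976EAA9AFD5138FE8376435B"
    "9FC61D2FC0EB06E3", 16)
g = 2
N_BYTES = (N.bit_length() + 7) // 8


def H(*parts: bytes) -> int:
    """SHA-256 over the concatenation of the parts, as an integer."""
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")


def pad(n: int) -> bytes:
    """Fixed-width big-endian encoding, so hashes are unambiguous."""
    return n.to_bytes(N_BYTES, "big")


k = H(pad(N), pad(g))  # SRP-6a multiplier


def private_x(username: str, password: str, salt: bytes) -> int:
    """x = H(salt | H(username ':' password)). Computed in the browser only."""
    return H(salt, hashlib.sha256(f"{username}:{password}".encode()).digest())


def register(username: str, password: str) -> Tuple[bytes, int]:
    """Browser side at signup: returns (salt, verifier v = g^x mod N) for storage."""
    salt = secrets.token_bytes(16)  # 16 bytes is this demo's choice
    return salt, pow(g, private_x(username, password, salt), N)


class Client:
    """The browser. Holds the password; sends only A and the proof M1."""

    def __init__(self, username: str, password: str):
        self.username, self.password = username, password
        self.a = secrets.randbits(256)          # fresh per login
        self.A = pow(g, self.a, N)

    def prove(self, salt: bytes, B: int) -> int:
        """Given the server's (salt, B), derive the session key and return M1."""
        if B % N == 0:
            raise ValueError("server sent an invalid B")
        u = H(pad(self.A), pad(B))
        if u == 0:
            raise ValueError("u == 0; abort")
        x = private_x(self.username, self.password, salt)
        S = pow((B - k * pow(g, x, N)) % N, self.a + u * x, N)
        self.K = H(pad(S))
        self.M1 = H(pad(self.A), pad(B), pad(self.K))
        return self.M1

    def check_server(self, M2: int) -> bool:
        """Mutual authentication: the server proves it holds the same key."""
        return M2 == H(pad(self.A), pad(self.M1), pad(self.K))


class Server:
    """The authentication service. Stores only (username, salt, v)."""

    def __init__(self, username: str, salt: bytes, v: int):
        self.username, self.salt, self.v = username, salt, v

    def challenge(self, A: int) -> Tuple[bytes, int]:
        if A % N == 0:
            raise ValueError("client sent an invalid A")
        self.A = A
        self.b = secrets.randbits(256)          # fresh per login
        self.B = (k * self.v + pow(g, self.b, N)) % N
        return self.salt, self.B

    def verify(self, M1: int) -> Optional[int]:
        """Return M2 if the client's proof matches the stored verifier, else None."""
        u = H(pad(self.A), pad(self.B))
        S = pow(self.A * pow(self.v, u, N) % N, self.b, N)
        K = H(pad(S))
        if M1 != H(pad(self.A), pad(self.B), pad(K)):
            return None
        return H(pad(self.A), pad(M1), pad(K))


def login(server: Server, username: str, password: str) -> bool:
    """Full round trip; True only if both sides derive the same session key."""
    c = Client(username, password)
    salt, B = server.challenge(c.A)
    M2 = server.verify(c.prove(salt, B))
    return M2 is not None and c.check_server(M2)


if __name__ == "__main__":
    salt, v = register("alice", "correct horse battery staple")
    srv = Server("alice", salt, v)
    print(login(srv, "alice", "correct horse battery staple"))
    print(login(srv, "alice", "wrong password"))
```

Notice what crosses the wire: A, the salt, B, M1 and M2. The password and x stay inside `Client`, and `Server` holds only the salt and verifier. A stolen copy of that server record still cannot be used to log in as the user, but it does let an attacker test password guesses offline against the verifier, which is why a strong, unique password matters even with SRP.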

SRP is one of the capabilities we get from our cloud provider, and just the beginning of what we do for authentication.

Managing secure authentication involves solving a number of complicated problems. Rather than trying to reinvent the wheel, we use Amazon Cognito, part of Amazon Web Services (AWS). Cognito is a leading authentication and identity solution maintained by one of the best security teams in the industry. Meanwhile, we can stay focused on constantly improving the user experience and creating features that are important to our customers.

Cognito also allows us to robustly support our enterprise customers with a variety of features including federation, two-factor authentication, custom password rules, and single-tenant directories.

While we’re on the topic of passwords, please remember that it is extremely important to use a different, strong password for each account (use a password manager for this)! SRP keeps your password off our servers, but a weak password can still be guessed offline if a stored verifier is ever stolen, and a password reused elsewhere is only as safe as the weakest site you used it on.

To learn more about SRP or Cognito:
