Today we’re releasing our integration with Cloudflare; an adaptive authentication layer implemented on the edge. This is not just yet another way of integrating Castle — it’s the codeless way of integrating Castle. The module is built on top of Cloudflare’s recent release of Apps with Workers, and the plan is to eventually open-source it and bring the same functionality to...
Strong Security Should be Easy. Asking your consumers again and again to take responsibility for their security through robust passwords and other security measures doesn’t work. The responsibility of security needs to shift from end users to the companies who serve them. In a blog post I recently wrote for Cloudflare, I describe our most recent initiative on how Castle is leading the...
Since posting my most recent blog on “I Am An Account Takeover Victim,” I have had many people respond to me with similar stories. All of them named very well known brands that we are familiar with–companies offering global movie streaming, food delivery services, online software, banking, and more. Everyone ranted about the significant amount of time and frustration they went through...
How an organization handles an Account Takeover can have a significant impact on consumer trust and retention. Recently I became a victim and the response has made me re-think about my loyalty to this brand. Here’s what happened: “Email address/account does not exist.” I enter my username and password again and receive the same message. I try password reset and get the same message...
No business wants to allow a bad actor to launch a successful account takeover attack on its users. As such, there are many tools available that can help block malicious traffic. There is an interesting challenge however, that is becoming more and more apparent as attacks become increasingly sophisticated. How do you tease out the ‘definitely bad traffic’ from the ‘maybe bad traffic’? What is an...
No matter your online activity, you don’t want your accounts taken over by someone else. You’d be unhappy to hear that someone logged into your BestBuy account to use your credit card to buy an 82” LED TV. You’d be upset if someone took over your Twitter account, posted spammy content, and then locked you out. The bottom line? No one wants their online accounts taken over– and no company wants...
In 2015, Sebastian and I created Castle with a simple vision. We saw that it was increasingly difficult for companies to access their online accounts and keep their users safe. We also saw that consumers were being asked again and again to take responsibility for their security through robust passwords and other security measures. We started Castle because we wanted to figure out a way to shift...
We are excited to share a new feature in the dashboard that is aimed to help make the Castle Integration more friendly and self service for developers! When you log into your Castle dashboard, in the top navigation bar, you will now find the Integration Debugger Console. The new Debugger works with all of your Castle environments. It is made of of 4 primary sections, each of which are...
At Castle, we are focused on building tools that power end-to-end user security alongside a frictionless user experience. We believe that when it comes to protecting your users, the ability to detect unauthorized access to their accounts is just the beginning. Beyond the detection, developers are using Castle’s APIs to block the unauthorized access in-line, notify their users in real-time of...
Last week, Reddit announced a security incident in which an attacker compromised employee accounts for Reddit’s cloud and source code hosting providers. Breaches like this serve as reality checks to those of us responsible for securing user data and identities online. Hats off to the Reddit team for the way this incident was handled as incidents are nightmares to deal with, both for users and...