When trying to protect customer accounts, managing risk is a hot topic within organizations. In order to build and maintain customer loyalty, providing the best user experience is a high priority. But the best user experience can leave an organization at risk. Managing risk isn’t always about making threat models better or reducing false positives. In some cases you want to add friction when in...
“The ability to put security into the context of the user and in the flow of their regular interactions with your service makes it less necessary for you to have millions of security engineers to monitor what’s going on, because some of that is now in the hands of the consumer where they are able to make those better decisions.” ~ Adrian Ludwig, Atlassian Getting Users Involved In...
Today we’re releasing our integration with Cloudflare; an adaptive authentication layer implemented on the edge. This is not just yet another way of integrating Castle — it’s the codeless way of integrating Castle. The module is built on top of Cloudflare’s recent release of Apps with Workers, and the plan is to eventually open-source it and bring the same functionality to...
Strong Security Should be Easy. Asking your consumers again and again to take responsibility for their security through robust passwords and other security measures doesn’t work. The responsibility of security needs to shift from end users to the companies who serve them. In a blog post I recently wrote for Cloudflare, I describe our most recent initiative on how Castle is leading the...
Since posting my most recent blog on “I Am An Account Takeover Victim,” I have had many people respond to me with similar stories. All of them named very well known brands that we are familiar with–companies offering global movie streaming, food delivery services, online software, banking, and more. Everyone ranted about the significant amount of time and frustration they went through...
How an organization handles an Account Takeover can have a significant impact on consumer trust and retention. Recently I became a victim and the response has made me re-think about my loyalty to this brand. Here’s what happened: “Email address/account does not exist.” I enter my username and password again and receive the same message. I try password reset and get the same message...
No business wants to allow a bad actor to launch a successful account takeover attack on its users. As such, there are many tools available that can help block malicious traffic. There is an interesting challenge however, that is becoming more and more apparent as attacks become increasingly sophisticated. How do you tease out the ‘definitely bad traffic’ from the ‘maybe bad traffic’? What is an...
No matter your online activity, you don’t want your accounts taken over by someone else. You’d be unhappy to hear that someone logged into your BestBuy account to use your credit card to buy an 82” LED TV. You’d be upset if someone took over your Twitter account, posted spammy content, and then locked you out. The bottom line? No one wants their online accounts taken over– and no company wants...
In 2015, Sebastian and I created Castle with a simple vision. We saw that it was increasingly difficult for companies to access their online accounts and keep their users safe. We also saw that consumers were being asked again and again to take responsibility for their security through robust passwords and other security measures. We started Castle because we wanted to figure out a way to shift...
We are excited to share a new feature in the dashboard that is aimed to help make the Castle Integration more friendly and self service for developers! When you log into your Castle dashboard, in the top navigation bar, you will now find the Integration Debugger Console. The new Debugger works with all of your Castle environments. It is made of of 4 primary sections, each of which are...