![](\"/eb7252946d79f23eab5aca02ae64256d/Screen-Shot-2019-10-30-at-1.31.52-PM.webp\")
This blog is part 1 of a series on gRPC. Part 1 will go over some important concepts, part 2 will be a walkthrough of a client-server implementation in Go, and part 3 will be about LoginRadius' experience migrating to gRPC!
\ngRPC
\ngRPC, simply put, is just another way to send data across networks. It can be used to communicate between services in a microservice architecture, where a single service can interact with multiple others. Similarly, in client-server models, there can be multiple clients communicating with a common backend server.
\n
The gRPC framework was initially developed at Google and is now open-source. It is a modern implementation of the RPC (Remote Procedure Call) protocol, which has been around since the 80s. You will often see gRPC being compared to other technologies like SOAP, REST, and GraphQL.
\nSome features:
\nHow is it used to send data?
\ngRPC is based on the idea of calling a remote procedure just like a local one. A procedure is like a function or a method. So, ideally developers can treat remote and local calls similarly. A great thing about gRPC is that developers do not need to know the details of the remote interaction.
\nHere is a diagram from the official grpc docs showing the flow:
\n![](\"/d21748638236fc42aba043d73c0de37f/Screen-Shot-2019-10-30-at-1.35.45-PM-768x480.webp\")
Each client service will include a stub, which is like an interface containing the available remote procedures. These stubs are auto-generated files.
\nBut what does proto refer to? And what are stubs? How can we generate them?
\nTo answer these questions, we need to look at another technology called protocol buffers.
\nProtocol Buffers
\nProtocol buffers (protobufs), are a way to format data for storage and transport. gRPC uses protobufs to format data sent over the wire. It is comparable to other data serialization formats such as JSON, XML, and YAML.
\nSome features:
\nAbility to generate interfaces (stubs) for many languages
\nRequires defining schemas - need to know expected data fields and types
\nBinary format, meaning data is converted into binary when sent over the wire.
\nHow is it used with gRPC?
\nStep 1: Create proto definitions - methods, requests, responses.
\nservice AccountService {\n rpc Find(FindRequest) returns (FindResponse);\n rpc Update(UpdateRequest) returns (UpdateResponse);\n rpc Delete(DeleteRequest) returns (DeleteResponse);\n}message FindRequest {\n string Uid = 1;\n}\n\nmessage FindResponse {\n string Uid = 1;\n string Name = 2;\n int32 Age = 3;\n bool isVerified = 4;\n}Step 2: Compile proto file for auto-generated stubs in desired language.
\nprotoc account.proto --go_out=plugins=grpc:.Step 3: Use stubs in server and clients.
\nThe Big Picture
\n![](\"/bca259a3d4e6268ad603d14ed1f03e10/Screen-Shot-2019-10-30-at-1.57.55-PM.webp\")
Why gRPC?
\nOne compelling reason to use gRPC is that it provides high performance
\nHow does it differ from REST?
\n| \n | gRPC | \nREST | \n
|---|---|---|
| API | \nContract-based i.e. stubs | \nResource-based and relies on HTTP verbs i.e. GET/PUT/POST/DELETE | \n
| Network protocol | \nHTTP/2 | \nHTTP/1.1 or HTTP/2 | \n
| Data serialization format | \nProtocol buffers | \nJSON | \n
| Streaming | \nBuilt-in support for client, server, and bi-directional streaming | \nREST on HTTP/1.1 does not allow streaming | \n
Other Considerations
\nHere, we briefly go over a few other things to consider with gRPC. These will be covered in more detail in another blog.
\nManagement of proto files
\nIf you plan to have multiple proto files and client services, you need some way to manage them for distribution and version control. One solution is to keep all proto files in a central git repository, and maintain versions using git tags.
Using proto2 vs. proto3
\nProtocol buffers have two syntax versions: proto2 and proto3.
Load-Balancing
\nSomething to note about load-balancing gRPC is that HTTP/2 requires L7 (Application Layer) load-balancers. Recall that in HTTP/2, TCP connections are long-lived and requests are multiplexed. This makes L4 (Connection Layer) load-balancers ineffective. This differs from HTTP/1.1 where TCP connections get cycled and can benefit from L4 load-balancers.
That's it for now! To learn more, check out the official gRPC and protobuf docs.
\n","frontmatter":{"date":"October 30, 2019","updated_date":null,"description":null,"title":"Getting Started with gRPC - Part 1 Concepts","tags":["Engineering","gRPC"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1,"src":"/static/23fcca8d49d96b5e61cc171769c93b38/a55b6/grpc.webp","srcSet":"/static/23fcca8d49d96b5e61cc171769c93b38/61e93/grpc.webp 200w,\n/static/23fcca8d49d96b5e61cc171769c93b38/a55b6/grpc.webp 246w","sizes":"(max-width: 246px) 100vw, 246px"}}},"author":{"id":"Andy Yeung","github":null,"avatar":null}}}},{"node":{"excerpt":"Introduction Cross-Site Request Forgery (CSRF) is a common web application attack where a victims’ authenticated session becomes compromised…","fields":{"slug":"/engineering/introduction-to-cross-site-request-forgery-csrf/"},"html":"Introduction
\nCross-Site Request Forgery (CSRF) is a common web application attack where a victims’ authenticated session becomes compromised. This attack essentially tricks a victim into performing unintended tasks on a website they are authenticated in. There are variations to this attack, and a popular one we will discuss is utilizing authentication token to imitate api requests.
\nContext
\nIn order to understand CSRF, it is important to know how cookies and authentication tokens are used for persisting user sessions. Cookies are information stored in the browser, and often used for managing state between HTTP requests. A key feature of cookies is that they are automatically passed as a header in HTTP requests. Authentication tokens are typically stored as cookies, and are a way to keep track of a users’ authenticated session. These tokens are set as cookies after a user successfully authenticates themselves by log in.
\nHow it works
\nCSRF takes advantage of the storage of auth tokens in the browser, and constructs http requests to a target server on behalf of the user. Imitating http requests from the legitimate site requires research and preparation from the attacker beforehand, such as finding vulnerable websites and api’s suitable for the attack.
\n![](\"/29706236a94eec5b8a444b4fd69797b1/image2.webp\")
Here is a high-level example of an CSRF attack. Note that some details are excluded for simplicity, but the key aspects are included.
\nJohn is authenticated on banking.io
\nOn another tab, John clicks on an advertisement for free money, which leads to a malicious site.
\nMalicious site makes a POST request to banking.io/setpassword, which is an api for setting a users password to anything.
\nMitigation
\nA common and effective way of mitigating CSRF is called the double submit cookie. Essentially the client will have two paired and encrypted tokens: one hidden in the page HTML and the other stored as a cookie.
\n![](\"/7a65c1db0bdc228bfa69aeb7455e1e63/image1.webp\")
When a request is made by the client, both tokens are sent to the server, and the server will then ensure the tokens are valid pairs before processing the request as normal.
\n![](\"/846b57c31fe869f9e584127cd5e6d1f7/image3.webp\")
Now the attacker will be unable to perform CSRF since they will not have access to the token hidden in the pages HTML, and the target server requires a valid token pair before processing the request.
\nThere are also many other mitigation techniques, such as using the Same-Site cookie attribute, and requiring user interaction such as CAPTCHA for requests. Learn more on the OWASP wiki).
\n","frontmatter":{"date":"October 30, 2019","updated_date":null,"description":null,"title":"Introduction to Cross-Site Request Forgery (CSRF)","tags":["CSRF"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.3333333333333333,"src":"/static/45655fcaf75e8e3352165b60c7cac47b/1f5c5/crosspath.webp","srcSet":"/static/45655fcaf75e8e3352165b60c7cac47b/61e93/crosspath.webp 200w,\n/static/45655fcaf75e8e3352165b60c7cac47b/1f5c5/crosspath.webp 400w","sizes":"(max-width: 400px) 100vw, 400px"}}},"author":{"id":"Andy Yeung","github":null,"avatar":null}}}},{"node":{"excerpt":"Cybersecurity awareness helps protect enterprises, employees, and customers. That’s why, more than ever, enterprises are working hard to…","fields":{"slug":"/identity/cloud-computing-security-challenges/"},"html":"Cybersecurity awareness helps protect enterprises, employees, and customers. That’s why, more than ever, enterprises are working hard to protect sensitive data against breaches and hacks. Likewise, consumers want to change unsafe habits, so they can better protect their personal and vulnerable information.
\nOne answer may be a cloud-based customer identity and access management (CIAM) solution, like the one we have built at LoginRadius. This would enable more security features like single sign-on, passwordless logins, and multi-factor authentication.
\nDDoS or Denial-of-Service attacks are the number one concern of every cloud provider. These attacks cripple server performance and can take websites down for hours or days, hurting revenue and customer satisfaction. Meanwhile, attackers don’t need to invest in expensive hardware; they can relatively easily launch DDoS attacks over the internet.
\nTo combat cloud-based DDoS attacks, you'll need a responsive platform that can detect possible breaches, identify abnormal network behavior, and block DDoS attacks before they take down your website.
\nOne of the main reasons organizations move to public clouds is the ability to seamlessly apply cloud security measures that are built into the cloud environment and take into account policies, identity, and compliance requirements.
\nCloud migration is a complex and challenging endeavor. Therefore, every aspect of the migration must be treated carefully in order to avoid critical business challenges such as data loss and security breaches.
\nThis is the most common adoption concern when it comes to moving to cloud infrastructure. After all, IT professionals have had full control of everything related to security when it comes to on-premises infrastructure.
\nIt is important that you choose a provider with a proven track record in implementing strong security protocols in their own data centers. This will ensure that the security controls you have in place today remain intact and that any new, vital security controls are added as well.
\nCloud computing providers are expected to ensure the security of customer resources, even during times of high-volume system changes. This goal is particularly difficult because security must be built into the cloud API. Cloud API providers must rely on authentication and authorization tools to validate requests.
\nTo keep your cloud security as strong as possible, you need to prioritize education, not just around best practices for traditional security but also on industry trends. And this is what most enterprises lack today.
\nTeam members should have a good understanding of the basics to start. For example, what is cloud computing and why do they need it? Then the team should identify experts within the organization to teach their colleagues more advanced cloud security, such as industry best practices.
\nCloud security (AKA cloud computing security) is a set of policies, technologies, applications, and controls used to protect data and other material that is stored or run in the cloud.
\nIt’s safe because your files are stored on servers all around the world. This is called a ‘distributed system.’ Your data is encrypted when it travels over the internet, so it’s completely private and protected from hackers and thieves.
\nLuckily, SaaS companies like LoginRadius specialize in cloud security that keeps customer data secure and private. We also offer IDaaS with a number of user authentication services like multi-factor authentication, single sign-on, and identity management.
\nIDaaS is a software platform that focuses on protecting and managing digital identities. At LoginRadius, cloud security is at the core of our customer identity and access management (CIAM) platform. Cloud security is built into the foundation of everything we do—and we have the credentials to prove it.
\nLoginRadius has successfully passed multiple audits and earned several certifications in recognition of our commitment to security. These include SOC 2® and ISAE 3000 Type II audits, which we completed in July and August. The SOC 2, issued by the American Institute of CPAs, is considered to be the highest standard for ensuring the security, availability, processing integrity, and confidentiality of customer data. Meanwhile, the ISAE 3000, issued by the International Federation of Accountants, is a standard for assurance over non-financial information.
\nIn August, we also achieved the ISO 27001 Information Security Standard Accredited certification, which sets the international industry-standard for establishing, implementing, maintaining, and continually improving an information security management system.
\nIn addition, we hold a Security Trust Assurance and Risk (STAR) certification issued by the Cloud Security Alliance (CSA). CSA describes the STAR program as the most powerful cloud security assurance program, \"encompassing key principles of transparency, rigorous auditing, and harmonization of standards.\"
\n![](\"/d2205770d07bd3b466f7642e6d025dbf/Cloud-Security-Challenges-Today-V01.01_02-1024x621.webp\")
Cost-effectiveness
\nTypically, on-premises security solutions require a substantial investment to engineer and maintain.
\nBy contrast, with cloud computing, you don't need to pay anything upfront. That's because cloud security tools are built and operated by a third-party vendor. You only pay for what you need or use through a monthly or annual subscription.
\nMaintenance
\nWith cloud security, a third-party vendor is responsible for maintaining the system, not you. This vendor is the one spending their money and time on upgrading, integrating, and optimizing the system. The vendor also keeps the technology up-to-date, leaving you free to focus on growing your business.
\nScalability
\nCloud servers are made to support massive sign-ins and sudden, dramatic surges of user actions (during a major sports game or popular TV voting system).
\nIn fact, the LoginRadius Identity Platform was designed with service provider-class scale in mind. The distributed CIAM network has regularly experienced peak transaction volumes in excess of 150,000 logins per second, and typically handles 10,000 requests per second with less than 500 milliseconds latency. Check our live status to see more.
\nCompliance
\nAny enterprise that stores customer data must comply with global privacy regulations. These regulations govern how you seek customer consent to use their data and what you do with that data.
\nThe European Union's General Data Protection Regulation (GDPR) is just one example of this kind of legislation. With cloud security, your third-party vendor is responsible for compliance and has the expertise to do so.
\nSecure Data Access
\nCustomer access to their data is a requirement of the California Consumer Privacy Act (CCPA), and non-compliance can result in hefty fines. However, data stored on cloud services is instantly available to authorized users. On the cloud, centralized data can be backed up regularly and restored quickly in case disaster recovery is ever necessary.
\n![\"SASE-approach\"](\"/fa88a9e70426c2aaf7daf7d4265e1351/SASE-approach.webp\")
Better Performance
\nJust as cloud technology powers its way into transforming entire industries, so does its technology progressively cut down on latency times and work to improve overall performance.
\nMoreover, a third-party data center provider can speed up your hardware refresh cycles and deliver the latest high-performance equipment. With a third-party data center provider, all you need to do is add more power or expand the floor space when you need it. You don’t have to worry about maintaining huge backup spares, or worry about the manufacturer’s end-of-life (EOL) replacement schedules.
\nSpeed to Market
\nCloud computing enables enterprises to provision resources for development and testing across a wide variety of environments. Once they are complete, applications can be rapidly deployed into an operational environment hosted on the cloud for a smooth launch.
\nAs these environments feature elastic scaling capabilities, organizations no longer need to worry about an incorrect capacity estimate impacting their ability to scale on demand.
\nCloud Security Alliance
\nThe Cloud Security Alliance is the world's leading organization dedicated to defining and raising awareness of cloud security best practices.
\nLoginRadius is a member, along with other experts in cloud security. Together, CSA members share up-to-date developments about the cloud computing environment. We recognize emerging security risks so that we can improve cloud security for everyone.
\n![\"book-a-demo-loginradius\"](\"/1bebf239d110701b9b534d7eb481a5ac/image5.webp\")
When it comes to online security, the battle cry among experts lately is: “The future is passwordless!” So, why is passwordless authentication so important?
\nSimple. Passwords are just too easy to guess, hack, or intercept. What’s more, the legacy of password reuse is leading to constant attack and account vulnerabilities.
\nHowever, modern-day passwordless authentication security goes beyond the use of password and username credentials.
\nSo, whether your organization wants to replace passwords or is determined to keep using them, you must first understand password weaknesses. Here are a few:
\nRemember that we’re not dealing with bored, out-of-work hackers playing for thrills. Rather, these are often well-established criminal organizations using high-end machine learning (for big profit).
\nA passwordless authentication system is one that swaps the use of a traditional password with more secure factors. These extra-security methods may include a magic link, fingerprint, PIN, or a secret token delivered via email or text message.
\nMost people have questions regarding the reliability of passwordless authentication and they always question themselves- is passwordless more secure? Well, passwordless login eliminates the need to generate passwords altogether. There’s a lot of good in this new-age process for both users and organizations alike.
\nFor users, since one need not type passwords anymore, it leads to a better screen time experience. While for organizations, it will lead to fewer breaches and support costs.
\nThe good news is that the list doesn’t stop here. Let’s learn more.
\nLet’s quickly compare passwordless and traditional authentication and learn how secure is passwordless authentication:
\nThe use of passwordless authentication security in businesses is multifold. For example, you can go passwordless for internal security, online consumers, or even combine the two of them.
\nA few use cases of passwordless authentication include:
\nWith passwordless login, it is much easier to keep information about your users safe and implement tighter security measures for your employees.
\nSpeaking of non-profit organizations, passwordless authentication can do wonders to the security of the donation process.
\nAlso, when a person donates to an NGO, they can have their payment information like name, card details, expiry dates etc. saved using passwordless options like email authentication. So the next time they plan to donate, they won't need to fill in the basic information.
\nWe’ve learned how is passwordless more secure. Now let’s explore its benefits:
\nImproved user experience: Be it fingerprint scanning, social media sign-in, PIN authentication, or email verification, you no longer need to memorize any credentials whatsoever.
\nPasswordless authentication only takes a few basic steps and works on both websites and mobile applications alike.
\nIncreased cost-effectiveness: Passwords require constant maintenance. According to Forrester, the average cost of one password reset for a company is $70. For large enterprises, this figure reaches $1 million USD each year.
\nNeedless to say, eliminating passwords will not just save time and productivity, but also a bulk load of expenses.
\nStronger security: User-controlled passwords are vulnerable to attacks like phishing, credential stuffing, brute force attacks, corporate account takeover (CATO), and more.
\nSo, when there is no password to hack in the first place, those vulnerabilities will automatically decrease.
\nIT Gains Control and Visibility: Phishing, reuse, and password sharing are just a few of the issues related to password-based authentication.
\nSo, when there is no need for passwords in the first place, IT can reclaim its purpose of having complete visibility over identity and access management.
\nWith passwords out of the picture, the following are a few attacks that businesses can dodge by implementing passwordless authentication into their systems.
\n![\"Passwordless](\"/ed01fc7fdf96152fcc18b7f6e2369834/DS-Product-Passwordless-Login-1024x310.webp\")
A common issue with using passwords for authentication lies in the fact that customers want the quickest way to log in to their accounts. After all, the longer it takes for a consumer to sign-up, or make a purchase, they will more likely tend to bounce. Other reasons why passwords bounce include:
\nDue to bad password practices, chances are consumers may be putting their accounts at risk. This is one of the strongest reasons why passwordless authentication is preferred by consumers and enterprises as their preferred method of authentication.
\nIn a typical application, passwordless authentication can be implemented through different approaches. Here’s a list of the most common ones.
\nThis is one of the most common login systems. The user is asked to enter the email address. A unique code (or magic link) is then created and sent to the associated email ID. When the user clicks on the link, the server triggers an action to verify if the code is valid within a certain timeframe (e.g. three minutes) and then swaps it for a long-time validation token. If the authentication is successful, the user is let in.
\nSocial login is the method of authentication using a social network provider like Facebook, Twitter, or Google. The user enters your application and selects a social network provider. A login request is then sent to the provider and after the provider approves it, the user is allowed to access their application. There is no need for passwords at all.
\nHere’s a convenient, easy-to-implement way to onboard a user. SMS-based login eliminates the need to create additional credentials, thereby easing the basic authentication process. The steps are simple: A user must enter a valid phone number; then the server sends a single-use code to that number which the user must enter to log in to the service.
\nBiometric authentication services focus on growing technologies like fingerprint, face, or iris scans. The technology works on smartphones where users press their thumbs on their smartphone scanners to authorize their identities and gain access to their accounts. Both Android and Apple offer biometric login options that are popular for their convenience.
\n![\"image](\"/a1d76f9568d4e91319ebc88ec601082d/Passwordless-Authentication-shield-image-1024x576.webp\")
The technology behind passwordless login is similar to that of digital certificates. There are cryptographic key pairs that include a private and public key.
\nTo understand how this works, think of the public key as the padlock. The private key, on the other hand, is what unlocks the padlock. To sum up, there is only one key for the padlock and in return, one padlock for the key.
\nThis means that whenever a user wishes to create a secure account, a public-private key pair must be generated. This is usually done via tools like a mobile app or a browser extension. Here are the steps:
\nToday’s passwordless authentication follows the FIDO2 standard. It includes WebAuthn and CTAP that help organizations keep their passwords secure.
\n![\"flowchart](\"/e87ea235483268977b7dd24ed6f0cdc2/Passwordless-Login-Flowchart-1024x549.webp\")
Wondering how it works?
\nLet’s assume you’re a service provider and you store customer public keys in “public”.
\nThat may sound risky, but here’s the catch. If a hacker obtains that public key, the data will be of no use without the private key that unlocks it. The best part is that the private key remains with the end-user.
\nAs the landscape of cybersecurity evolves, several emerging trends in passwordless security are reshaping how we protect digital identities:
\nBiometric authentication methods, such as fingerprint scanning, facial recognition, or iris scans, are gaining traction. These methods offer a seamless and secure way to authenticate users without the need for traditional passwords.
\nThe use of magic links sent via email is becoming popular. Users can simply click on a unique link to access their accounts, eliminating the need to remember passwords. This method enhances user experience and streamlines the login process.
\nIntegrating social media accounts for authentication is a rising trend. Users can leverage their existing social media profiles to log in to various platforms, reducing the burden of creating and managing multiple passwords.
\nHardware tokens and smart cards provide physical, secure methods of authentication. These devices generate unique codes or require physical presence for access, adding an extra layer of security to passwordless authentication.
\nThe best way to provide seamless registration and authentication for your customers is with a passwordless login solution. This gives them a hassle-free way to access their accounts—with no passwords needed!
\nThe LoginRadius Identity Platform is an out-of-the-box way for you to do this easily. The identity and access management platform is fully customizable too, so you can simplify your customer experience to suit your company’s needs.
\nHere’s how the platform works.
\n![\"activating](\"/db128da0e3d5e449bf98248eeb11ab13/activating-passwordless-login-in-loginradius-1024x504.webp\")
Step 1: On the website login page, a customer will be asked to enter the email address. It will act as their username too.
\nStep 2: LoginRadius will send a temporary verification link to the associated email address. You can custom-set the duration that link will remain active before it expires.
\nStep 3: The customer is prompted to click the verification link, which is then authenticated and redirected to the website the customer originated from.
\nIt’s as simple as that!
\nNot only is remembering password characters a pain but logging in by password alone is not very secure. By removing passwords, you can reduce costs to your IT and customer service departments. The icing on the cake is that passwordless logins improve customer experience. That’s great for your brand reputation and your bottom line.
\nIf your company is not on board with passwordless authentication yet, the time to act is now.
\nQ: Is passwordless authentication safer?
\nA: Yes, passwordless authentication is considered safer as it eliminates the vulnerabilities associated with traditional passwords, such as phishing and brute force attacks.
\nQ: What is the difference between passwordless and OTP?
\nA: Passwordless authentication eliminates the need for a password entirely, relying on methods like biometrics or magic links. OTP (One-Time Password) is a temporary code sent to a user's device, often used as a second factor in authentication.
\nQ: What is the difference between passwordless and SSO?
\nA: Passwordless authentication focuses on eliminating passwords, while Single Sign-On (SSO) allows users to access multiple applications with one set of login credentials.
\nQ: What is 2FA or passwordless?
\nA: 2FA (Two-Factor Authentication) requires two forms of verification for access. Passwordless authentication, on the other hand, allows users to log in without using a traditional password, using methods like biometrics or email links.
\n![\"book-a-free-demo-loginradius\"](\"/788a6a84e389edac18728007099fdc1d/Book-a-free-demo-request-1024x310.webp\")
At LoginRadius, we are passionate about creating efficient processes to provide seamless online login experiences. At the KuppingerCole Consumer Identity World event in Seattle, our CEO, Rakesh Soni, gave an insightful presentation on the importance of Marketing and Engineering collaboration to achieve this goal. In essence, working together maximize's each team's strength by eliminating each team's limitations. His presentation can be downloaded here and you can read the summary below.
\nConsumer Identity World is a three-day annual conference hosted by KuppingerCole for leaders who secure consumer digital identities. Topics for discussion often include Customer Identity & Access Management (CIAM) strategies, customer privacy and consent management, and methods for improving customer experience.
\nKuppingerCole is a renowned, independent analyst organization that specializes in neutral advice, thought leadership, and practical relevance regarding CIAM, as well as IAM. The latter acronym stands for Identity & Access Management. Simply put, IAM is a platform built for managing and securing employee identities, rather than customer identities. More information about the difference between IAM vs. CIAM can be found here.
\nThroughout the three days at Consumer Identity World, attendees networked and learned about the latest news in data security, privacy regulations, and login authentication. Our CEO, Rakesh, contributed to this conversation with a presentation on the vital need for Marketing and Engineering teams to unite. By combining the skills and insights of both teams, companies can better serve today’s modern digital user.
\nSociety is constantly becoming more digitalized. Online services completely changed consumer behavior—we shop, pay bills, and call rides online. So, when businesses provide services, they should understand the characteristics of today’s digital users. Here are a few:
\nRakesh also stressed that digital users want quick, hassle-free service when:
\nMarketing Team Strengths
\nMarketing Team Weaknesses
\nEngineering Team Strengths
\nEngineering Team Weaknesses
\nBy combining their different skills and insights two teams become a stronger whole.
\nThere are two main ways to join Marketing and Engineering teams, so you can create a modern online experience. Here’s how your Executive Team can help implement this.
\nThe first way is for the Executive team to create a culture of collaboration between Marketing and Engineering.
\nMake it clear that they both have the same goal:
\nBoth teams want to provide a frictionless online experience for customers.
\n![\"kuppingercole\"](\"/ec87d1feea4c4c2a8af7c538293caba4/kuppingercole.webp\")
Next, highlight each team’s strengths and how the other team contributes to the overall goal. Management should ensure their teams feel empowered and excited to work with each other.
\nAdditionally, the Executive team should seek to build a team of experts. This team should be responsible for developing and maintaining a high-performance system.
\nVital features of this system include:
\nYour collaborative dream team should include individuals who specialize in identity, DevOps, third-party integrations, UX, and consumer behaviour. They should continue to research and develop a high performing customer ID and experience engine. Once this in place, this team of experts should work to continuously maintain it.
\nCreating collaboration between Marketing and Engineering can greatly improve online services. This culture and structure of working together is key in meeting these needs and evolving in the future. And it is up to the Executive team to ensure that this collaboration is successful.
\nClick here to download a PDF of the full presentation.
In business, digital identity management primarily refers to the way a customer’s personal information is safely collected, stored, and accessed.
\nWhile this may appear simple, many businesses fall prey to misconceptions about building or managing a customer’s digital identity. To help you leverage customer identity data, let’s discuss the top three misconceptions that trip businesses up.
\n![](\"/f3d824c7434598f4c7e2ab2dbf1db537/Digital-Identity-Management-5-Ways-to-Win-V01.02-02-1024x576.webp\")
Many businesses make the mistake of putting sensitive personal information like full names or social insurance numbers in their system to track customer identities. Due to the proliferation of data breaches, this is risky. Safer methods should be used instead, such as coded customer numbers.
\n2. “You can only get customer insights from surveys or forms.”
\nSure, one way of getting consumer insights is having them fill out a form on your site. Another way is to use a device ID to identify customer behavior
\nBut what about consumers who own multiple devices, have separate digital IDs at work and home, and access the internet through multiple IP addresses or 3rd-party apps? When you gather data from multiple sources, you’ll need to compile this and store it in one place. But how?
\nWith customer identity and access management (CIAM) software, you can access an individual’s extensive data from multiple sources. Even “anonymous” user data can help you create a customer identity. You can even gather data through progressive profiling—a gradual, more natural way for customers to share their personal information.
\n3. “Consumer behavior analytics is all you need.”
\nDue to marketing’s reliance on user experience mapping, session analytics, and content engagements, this myth is rampant. As a result, many businesses mistakenly think “behavioral” data is all they need for digital identity management. Not true. In the next section, we’ll explain why.
\n![](\"/b94010577baaf8e693d46fc305da47a4/01-dashboard-1024x865.webp\")
We live in an era where data is the most valuable commodity in the world. However, where there is value, there is also risk. For instance...
\nDid you know that 60% of companies fail within 6 months of a cyber attack?
\nMalicious software, hackers, online fraud, and user errors all pose a danger to the digital identification data that you collect or store.
\n![\"digital-identity-trends-2019\"](\"/ec1776169c43e41554911ec0182070ed/digital-identity-trends-2019.webp\")
For businesses that collect or store customer data, security is vital to winning and maintaining customer trust. If you’re uncertain how, here are 5 methods that can help.
\n1. Collect only what’s needed
\nMany businesses are quick to collect an array of customer data during the registration process. If you don’t take the time to consider if/why/how you’ll use all of this data— or determine the right time to collect this information—you’ll run into a lot of issues.
\nCollecting unnecessary data wastes resources and increases the risk of identity theft. Plus, gathering too much data also causes customers to abandon registration, as it slows down the process and feels intrusive.
\n2. Invest in data encryption and hashing.
\nWhen data is in transit from one server to another, it’s at its most vulnerable. That’s why encryption in transit is crucial to data protection. Likewise, encryption at rest is necessary for data governance and compliance efforts.
\nWhen it comes to hackers, anything that has been coded can be decoded. Thus, utilizing one-way hashing for safeguarding sensitive data like passwords is a must-do.
\nSafety Tip: When you implement encryption at rest and encryption in transit, be sure that you’re using a platform with an ISO 27001 certification. This ensures that your system complies with industry-leading standards for information security and risk management.
\n3. Limit access to data.
\nNot all data is in use continuously. That’s why sensitive customer data should not be accessible to everyone, all the time.
\nUtilizing field-level encryption allows you to set up access based on an individual’s role. In other words, field-level encryption is the ability to encrypt data within specific data fields, making this data unreadable to anyone who lacks access or the keys to decrypt this data.
\n4. Require safer authentication.
\nWhile some tech-savvy users know how to look after their personal information, many are unaware of how digital identity verification impacts security.
\nTo reduce risk, it’s important to invest in systems that enable a higher level of passwordless login. One method, multi-factor authentication (MFA), uses an SMS or a call-in code, and/or an email link as extra levels of security.
\nAnother method, risk-based authentication (RBA), recognizes user patterns and alerts your system if this pattern suddenly changes. For example, if someone tries to log in from a foreign country or a new IP address, an email will be sent to the registered user, asking them to validate the action.
\n5. Respect your customers.
\nIn the past, digital identity management practices were not very respectful of customer privacy. But soon, customers demanded better—and compliance regulations were born.
\nCompliance regulations require businesses to communicate with customers about why their data is collected, by whom, and what will be done with it. It also demands customer consent before collecting their data.
\nDid you know that requesting consent can also strengthen your brand reputation and build customer trust? That’s why it’s smart to employ a compliance-ready platform now. This will prepare your business for global data regulations while also fostering customer loyalty.
\nIs there one way to achieve all 5 gold standards?
\nYes—with CIAM software. LoginRadius CIAM offers a variety of highly-secure customer identity management features. For added peace of mind, LoginRadius keeps its platforms ahead of emerging data regulations and consistently performs rigorous updates.
\n![\"LoginRadius](\"/c024cf67b6f7b1fa45d6e3b19bead603/LoginRadius-Consumer-Identity-Trend-Report-1-1024x310.webp\")
Identity is evolving, and developers are at the forefront of this transformation. Every day brings a new learning—adapting to new standards and refining approaches to building secure, seamless experiences.
\nWe’re here to support developers on that journey. We know how important simplicity, efficiency, and well-structured documentation are when working with identity and access management solutions. That’s why we’ve redesigned the LoginRadius website—to be faster, more intuitive, and developer-first in every way.
\nThe goal? Having them spend less time searching and more time building.
\nLoginRadius’ vision is to give developers a product that simplifies identity management so they can focus on building, deploying, and scaling their applications. To enhance this experience, we’ve spent the last few months redesigning our interface— making navigation more intuitive and reassuring that essential resources are easily accessible.
\nHere’s a closer look at what’s new and why it’s important:
\n![\"This](\"/f46881583c7518a93bb24e94c32320de/a-developer-friendly-dark-theme.webp\")
Developers spend long hours working in dark-themed IDEs and terminals, so we’ve designed the LoginRadius experience to be developer-friendly and align with that preference.
\nThe new dark mode reduces eye strain, enhances readability, and provides a seamless transition between a coding environment and our platform. Our new design features a clean, modern aesthetic with a consistent color scheme and Barlow typography, ensuring better readability. High-quality graphics and icons are thoughtfully placed to enhance the content without adding visual clutter.
\nSo, whether you’re navigating our API docs or configuring authentication into your system, our improved interface will make those extended development hours more comfortable and efficient.
\n![\"This](\"/e5358b82be414940f3fb146013845933/capabilities.webp\")
We’ve restructured our website to provide a straightforward breakdown of our customer identity and access management platform capabilities, helping you quickly find what you need:
\nThis structured layout ensures you can quickly understand each capability and how it integrates into your identity ecosystem.
\n![\"This](\"/a8c155c2b6faf3d5f4b4de4e2b14d763/developers-menu.webp\")
We’ve been analyzing developer workflows to identify how you access key resources. That’s why we redesigned our navigation with one goal in mind: to reduce clicks and make essential resources readily available.
\nThe new LoginRadius structure puts APIs, SDKs, and integration guides right at the menu bar under the Developers dropdown so you can get started faster. Our Products, Solutions, and Customer Services are also clearly categorized, helping development teams quickly find the right tools and make informed decisions.
\n![\"This](\"/b2f9a964a2da0ea83e2f8596b833bba7/we-support-your-tech-stack.webp\")
Developers now have a clear view of the tech stack available with LoginRadius, designed to support diverse business needs.
\nOur platform offers pre-built SDKs for Node.js, Python, Java, and more, making CIAM integration seamless across popular programming languages and frameworks.
\nCheck out our revamped LoginRadius website and see how the improved experience makes it easier to build, scale, and secure your applications.
\nDo not forget to explore the improved navigation and API documentation, and get started with our free trial today. We’re excited to see what you’ll build with LoginRadius!
\n","frontmatter":{"date":"February 21, 2025","updated_date":null,"description":"LoginRadius’ vision is to give developers a product that simplifies identity management so they can focus on building, deploying, and scaling their applications. To enhance this experience, we’ve redesigned our website interface, making navigation more intuitive and reassuring that essential resources are easily accessible.","title":"Revamped & Ready: Introducing the New Developer-First LoginRadius Website","tags":["Developer tools","API","Identity Management","User Authentication"],"pinned":true,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.7857142857142858,"src":"/static/80b4e4fbe176a10a327d273504607f32/58556/hero-section.webp","srcSet":"/static/80b4e4fbe176a10a327d273504607f32/61e93/hero-section.webp 200w,\n/static/80b4e4fbe176a10a327d273504607f32/1f5c5/hero-section.webp 400w,\n/static/80b4e4fbe176a10a327d273504607f32/58556/hero-section.webp 800w,\n/static/80b4e4fbe176a10a327d273504607f32/99238/hero-section.webp 1200w,\n/static/80b4e4fbe176a10a327d273504607f32/7c22d/hero-section.webp 1600w,\n/static/80b4e4fbe176a10a327d273504607f32/1258b/hero-section.webp 2732w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Rakesh Soni","github":"oyesoni","avatar":"rakesh-soni.webp"}}}},"pageContext":{"limit":6,"skip":834,"currentPage":140,"type":"///","numPages":164,"pinned":"ee8a4479-3471-53b1-bf62-d0d8dc3faaeb"}},"staticQueryHashes":["1171199041","1384082988","2100481360","23180105","528864852"]}