Our Login Page Is About To Get Really Boring
In the next few days, we’re going to launch a new, significantly more boring version of our login page. And we’re really excited about it.
This boring change is the visible portion of a massive effort we’re making behind the scenes at Bench to improve the security of our systems. The new login page is hosted by Auth0, which we now use for all of our end-user authentication. We’ve migrated to Auth0 because they are experts in authentication, authorization, and the security surrounding that functionality. This gives us a significant boost in security while freeing up our mindshare to focus on our own expertise: figuring out how to provide full service bookkeeping at scale.
For our internal users, we’ve made a similar swap: we now use Okta for all of our internal authentication. Okta gives us strong password enforcement and MFA out of the box. With MFA in place, a password captured through social engineering, a keylogger, shoulder surfing, or another form of credential theft is no longer enough on its own to log in, which significantly reduces the risk of a breach from those attacks. Okta also gives us automated provisioning and deprovisioning of users in our systems, so access is removed when someone leaves without relying on a person remembering to do it, which is one more place where we take human error out of the loop. These two projects are just part of our broader security effort, which is leading us towards the significant milestone of a SOC 2 Type 2 audit in early 2021.
Our clients trust us to help them understand their business financials. To do this, they need to provide us with a lot of data. As the engineers at Bench, we take the responsibility of safeguarding this data very seriously. With SOC 2, we are building the foundation of a security program that we can be proud of. We still have a lot of work to do, but we’re committed to making it happen, and to asking for help from experts whenever we find our own abilities lacking. For any security experts out there, we’re also in the early stages of a bug bounty program; for now, feel free to send us an email.
In addition to security, we’re also undertaking a significant upgrade of our privacy policies and controls so that we can comply with the CCPA (the California Consumer Privacy Act), which will apply to us starting later this year.
All in all, it’s a great opportunity for us to introduce a new level of rigour into our systems and processes. We’ll keep you posted on how it goes!
Originally published at https://medium.com on July 24, 2020.