News

USER AUTHENTICATION: NOW WITH AN EXTRA SECURITY TWIST

When users sign into Cloutility, the application provides authentication based on either username and password or "single sign-on" (SSO) via SAML 2.0 - both with additional (optional or required) two-factor-authentication (2FA) through “time-based one-time passwords” (TOTPs) provided by authenticator apps. This is all good, but in the world we live in, merely authenticating a user during sign-in isn’t enough.

In March 2023 three YouTube-channels associated with Linus Media Group (LMG) were compromised by hackers stealing browser session-cookies from machines logged into the channels, and thereby gaining access to active browser sessions from other machines without requiring re-authentication. The founder of LMG, Linus Sebastian, was kind enough to release a video detailing the experience along with the conditions enabling and leading to the security breach. We found the video both informative and inspiring, and as a direct consequence of this we have now expanded Cloutility’s user authentication process and subsequent API-request handling accordingly.

In short, Cloutility (build 4436 and above) will now detect when an access-token (or refresh-token) is used from another location than to which it was issued, and prompt the user to re-authenticate using their latest used authentication method.

KEEP CLOUTILITY UPDATED
We always advise our users to regularly update Cloutility to the latest (and greatest, hopefully) release in order to have access to the latest features - including security features like the one mentioned above.

Latest news

Tuesday, March 5, 2024

Highlights of the latest and greatest Cloutility release

Show more ›
Wednesday, January 3, 2024

Cloutility support for Rubrik Security Cloud

Show more ›
Friday, September 1, 2023

Cloutility with IBM part numbers

Show more ›

You accept the use of cookies by using this site or closing this banner

Read more about cookies
IBM ISM Library Excellence Award 2012
IBM Tivoli Award: Best Cloud Solution 2013
IBM Beacon Award 2013
Ready for IBM Storage 2017
Top 10 IBM solution provider 2021