Making Sure You’re You

Ozcode Live Debugger - Authentcation
Ozcode Live Debugger now offers best-of-breed authentication with MFA, SSO, and SAML.

We’ve been hacked!

Those are probably the three words that any CEO, CTO, CSO, CISO, or “VP whatever” dreads more than any other. But it’s bigger than that. While those with Cs and Vs in their titles will be the ones answering tough questions very soon, those three words will often mobilize the whole organization. Nobody is going to get much sleep until the breach is contained.

With the average cost of a data breach reaching $4.24 million, it’s no surprise that global cybersecurity spending is skyrocketing and is forecasted to reach $345 Billion by 2026. Still, for all the safe-guards that well-meaning companies put in place, in the end, data breaches are a “people problem,” with 95% of cybersecurity breaches caused by human error.

Passwords suck!

By far, the most common “secret key” needed to access your account on any web service is still your password. And in most cases, it’s the only key needed. But, usually, passwords are not secure for many reasons. In fact, most passwords can be hacked within 13 seconds, with “123456” being the most popular password found in data breaches in 2020. But even if you’re vigilant and always use a strong password (which is easy enough with a password manager like LastPass, 1Password, etc.), there are so many ways malicious hackers can steal your credentials through social engineering, like phishing attacks or using malware like password dumpers. It’s exactly for this reason that we have upped our security posture here at Ozcode and vastly upgraded authentication on Ozcode Live Debugger.

Beyond passwords

Ozcode Live Debugger now offers best-of-breed authentication, providing different ways to authenticate users in your organization. We have upgraded all our servers to provide enterprise-grade security for your valuable data, and if you haven’t noticed it already, you’ll see the new login screen next time you sign in to your Ozcode account.

Ozcode Login

Let’s learn about the different ways you can now be authenticated and access your Ozcode Live Debugger account.

MFA-Multi-Factor Authentication

Authenticating with passwords is based on a secret password you’re supposed to keep to yourself, or “what you know.” Since, as we’ve seen, we’re not very good at keeping secrets, modern systems ask you for additional means of authentication based on something you pysically possess. Some of us have used hardware keys, such as YubiKeys to log into secure systems, but these are only viable for enterprises, not the general public. But everyone has a phone today.

SMS is the most common form of MFA in use today. Most of us have already encountered OTPs, one-time passwords texted to us when trying to access our credit card statements online, or some other sensitive site from a new device. But the truth is, SMS is not secure. Messages are not encrypted, may travel through different networks, and security of the infrastructure is questionable. A more secure form of MFA is through an authentication application such as Google or Microsoft Authenticator, which is what Ozcode offers today. 

Any user can (and should) enable MFA for their account, although it is optional. As an administrator, you can enforce MFA, and I highly recommend you do so to make sure nobody gets unauthorized access to your source code and data.

Ozcode Live Debugger - MFA Policy

SSO - once you’re in, you’re in

While MFA does provide a high level of security, it still requires users to have a password for Ozcode. In an enterprise setting, users may have to log in to many different applications, and ensuring every employee safely manages all those passwords with a password manager becomes impractical. That’s why many enterprises enforce SSO – Single Sign-On. Today, Ozcode supports SSO using any authentication provider, including Azure Active Directory, Google, and others. Once an Ozcode administrator connects the organization’s Live Debugger account to the authentication provider, all users are automatically logged in once authenticated with any other application connected to the SSO provider.

Ozcode Live Debugger - SSO

Ozcode also supports SSO for on-premises instances of Active Directory. Just select SAML as your IDP when configuring SSO.

Additional security measures

While MFA and SSO are the most significant updates in this release, a well-rounded security posture would not be complete without the following measures that Ozcode also supports now:

  1. To prevent brute force attacks, you can configure the maximum number of incorrect password entries before users get locked out of their accounts.
  2. To prevent users from repeating previous passwords, you can specify how many passwords back to keep track of.
  3. Audit logs maintain a record of all user activity connected with security and authentication.
    Ozcode Live Debugger - Audit Logs

Learn more about Ozcode Live Debugger Security in our white paper:

Rami Honig

Comments

Keep your code in good shape!

Subscribe to our blog and follow the latest news in the .NET debugging industry

Ready to Dive into Your Prod Code?

Easy debugging with full time-travel data

The Exception

A Quarterly Roundup

Subscribe to our quarterly newsletter and hear all about what’s happening around debugging with Ozcode

Share on facebook
Share on twitter
Share on linkedin
Share on email

Recent Posts

Follow Us

Join Ozcode YouTube Channel

Let’s start debugging, it’s free!

Thanks for downloading the OzCode trial!

You’re well on your way to making C# even sharper.

If your download doesn’t start automatically , please use this direct link.

If you’d like to install OzCode but don’t have
administrative privileges on your machine, please contact us.

Get Started for FREE!

Ozcode Logo

This website uses cookies to ensure you get the best experience on our website.