How to turn a credentials breach in a development opportunity

Valerio Barbera

Hi, I’m Valerio founder and CTO at Inspector.

Recently my personal account on one of our external tools was cracked. My credentials have been stolen so the attackers have had access to this service with our credit card attached.

There were no risks for our users security, but only for our bank account, because attackers could use up our credits or use our account for public spam activities.

This experience has made us much more aware of the value of using (and develop) safe tools. We have therefore decided to bring some new features into Inspector that allow our customers to keep their account more secure, avoiding being victims of these violations as we have.

Regaining control

As soon as we realized that something was wrong with our tool, we’ve immediately disabled the credit card and removed the tool from our stack.

There were no risks for our users security, but only for our bank account.

Compromised credentials will always present a risk, but there are policies that can mitigate that risk.

The first step is to establish policies for the strength and management of passwords. Not all credentials are created equal.

For accessing sensitive information and for administrative access to internal working tools, stronger, more complex passwords and additional factors such as biometrics, cryptographic keys or 2FA confirmation codes are now required by default in our company.

This includes also all social media accounts of the entire team.

Now it’s time to bring what we have learned on Inspector. Below I present you the next security features we have decided to implement in Inspector.

Control Logged-in devices

This feature should allows our users to check the logged-in devices and easily log-out from a specific device with a simple click.

Below the detail of what we want to develop:

  • Displays currently logged in devices for a user in the profile section.
  • Log out from any specific device from the list of currently logged-in devices.
  • An option to log out from all other devices except the currently logged-in device.
  • An option to disable multiple device logins altogether. This means that a user can only be logged in from one device at a time.

If you will log in Inspector from your smartphone, you will see this new device in the logged-in devices list. This will allow you to identify unknown devices in the list, disconnect them with a simple click, and change your password to protect your account from unexpected authentications.

2FA Authentication

Are you using the same password for multiple websites including Inspector? Are you accessing Inspector from public or shared computers?

Such action weaken your password and make it easier to steal.

That’s why we’ll implement two step verification. An optional security feature that helps protect your account even if your password is stolen or cracked.

This feature will improve security because signing in requires two things:

  • Something you know: Your Password
  • Something you have: Your Phone

If an attacker crack your credentials he cannot authenticate into your Inspecotr account because he doesn’t have your phone to provide us the security code.

Reject insecure passwords

In order to increase the average security of our users account we’ll also plan a password filter to avoid weak passwords to be used when developers create their account on Inspector.

According to NordPass many accounts are created with passwords that require just a few seconds to be hacked putting privacy and security at risk. Think about how sensitive are the data cllected by a monitoring system, database queries, server information, and many other application details that an attacker could use for malicious purpose.

Conclusion

While a startup grows fast some incident can happen, but the most important thing is to learn from mistakes and put the experience at the disposal of the customers.

I hope you appreciate our work to make Inspector a safer and more efficient product with the aim of helping you reach your goals quickly and easily.

Application monitoring

If you found this post interesting and want to drastically change your developers’ life for the better, you can give Inspector a try.

Inspector is an easy to use Code Execution Monitoring tool that helps developers to identify bugs and bottlenecks in their application automatically. Before customers do.

screenshot inspector code monitoring timeline

It is completely code-driven. You won’t have to install anything at the server level or make complex configurations in your cloud infrastructure.

It works with a lightweight software library that you can install in your application like any other dependency. Check out the supported technologies in the GitHub organization.

Create an account, or visit the website for more information: https://inspector.dev

Related Posts

cloud costs savings with code execution monitoring

How to save thousands of dollars in cloud costs with Code Execution Monitoring

Hi, I’m Valerio, software engineer, co-founder and CTO at Inspector. In this article I want to show you a monitoring strategy to help you save thousands of dollars a year on cloud costs. The typical scenario where you can get the most payback from this strategy is when your application runs on multiple servers. If

The 5 Best Application Monitoring Tools for 2022

When it comes to application monitoring software, there are some great tools available to make our lives easier. We’ve compiled a list of the very best. No offense intended but the truth is customers are no longer interested in what you have to do to make your product work when they need it. They only

What Are Source Maps and How to Properly Use Them

You are debugging a web app for a client but the minified version of the Javascript and CSS code makes it impossible to understand what statements the browser is actually executing. You could break down the original code line by line in your editor putting some “console.log()” statements here and there, or try debugging it

Join the "Scalable Applications" community

Learn from other developers' experience.
Join the international community of developers to build scalable applications.

Inspector customer feedback
2020 © Inspector S.R.L. - VAT: 09552901218 - Progetto agevolato con la misura Resto al SUD RSUD0000000 - CUP C61B21012300008

How to build scalable applications

Get the e-book about the Inspector scalability journey.