Problem:
Internal logs, security incident tracking metrics, and user reports of compromised accounts showed a clear trend: Dotloop had become a target for bad actors attempting to compromise our user accounts and user data. The existing authentication process was outdated and lacked a viable upgrade path to deliver the level of account security required for a product that real estate agents and their clients use to transmit and store sensitive documents.
Objectives:
Eliminate attack vectors that left the business and our customers vulnerable to data theft via social engineering and brute-force attacks.
Implement a new process for all users, both when signing in to accounts and when registering for new accounts, that would verify their identity via multi-factor authentication and modern automated attack protections.
Integrate a third-party service for all security and authentication functions in order to reduce the development resources required in the long term for maintaining and updating authentication security features.
Key Results:
Worked alongside development team leaders to orchestrate a 12-month plan to overhaul the technical authentication infrastructure; the plan was delivered in 11 months.
Fully migrated an outdated authentication system and over four million user accounts to a new third-party service (Okta/Auth0) for all authentication calls without service disruption outside scheduled maintenance windows.
Coordinated customer success and customer support teams to guide over 1.5 million active users in enrolling in MFA account protections in the first 30 days.
Reduced YoY P1 and P2 security incidents by 89% in the first 12 months after release.