Security breaches are all the rage these days. It seems there is another one every week, and those are just the ones we hear about. Speaking of which, Zendesk announced today that it was hacked and that information belonging to three of its clients, Twitter, Tumblr and Pinterest, was compromised. Apparently, the email addresses of people who had contacted those three companies for support were obtained. Along with that information, the hackers obtained email subject lines, which could make it easier for them to socially engineer their way into the accounts of those three companies’ customers.
So, why does this matter? First off, if you have contacted any of those three companies, then you know at least one way that it matters. They have some of your information. Now you need to be alert so that your account doesn’t get compromised. Second, it shows just how vulnerable every company out there is. If hackers want to get into your site, they eventually will. You can’t give up on security, though. Otherwise, we would have to abandon the internet to maintain data security. That’s not going to happen.
All too often, though, startups put off security until later. They figure that they don’t have to worry about it because they can coast by under the radar for the time being. I disagree entirely. Usually the most tech-savvy people are the early adopters and the influencers. Are those the people that you want to get hacked? Personally, I would rather not have those people talking poorly about their experience with my startup. So, that leaves startups with a conundrum. Do they create a very secure infrastructure and authorization system using all their own code, or do they use a third-party authorization service like OAuth, OpenID or Facebook Connect? It’s a tough decision. With a third-party login, users are often more comfortable signing up for an account because they trust the security of the service they already use. On the other hand, you run the risk of a user getting thrown out of that service and losing access to your service as a result. On top of that, third-party services also get hacked. It’s a tough choice, but one that has to be properly considered.