October 2022 Summaries
2 posts from Kinde
Filter
Month:
Year:
Post Summaries
Back to Blog
Establishing a startup involves essential security measures such as creating a branded company email account, which serves as a focal point for important communications and interactions, and employing tools like multi-factor authentication (MFA), password managers, and single sign-on (SSO) to safeguard against threats like phishing and credential stuffing. Startups are advised to prioritize securing their primary email and cloud hosting services with MFA, using options such as authenticator apps, one-time passcodes, or hardware keys, with platforms like Google and Microsoft offering various MFA solutions. Password managers are recommended for securely generating, storing, and managing passwords, mitigating the risks posed by password breaches, while SSO can streamline authentication processes by linking multiple services to a single identity, often through Google or Microsoft accounts. Kinde's approach includes using Google Workspace with enforced 2-Step Verification and hardware keys for admins, utilizing 1Password for password management, and adopting a company policy of using "Login with Google" for online services to minimize password-related challenges.
Oct 31, 2022
1,531 words in the original blog post.
Bootstrapping security into a startup involves multiple strategies tailored to a company's unique needs, as demonstrated by Kinde's approach following its seed funding. The company prioritized implementing effective and straightforward security controls to establish a strong foundation, including measures like enforcing two-factor authentication, using security headers, and code scanners. A "hit list" of security tasks—ranging from Google account hardening to AWS security services activation—was created based on past experiences and best practices. Kinde also performed a self-audit using the Cloud Security Alliance’s CAIQ-Lite template to identify risks and address them through actionable tasks, such as disaster recovery planning and penetration testing. Initial objectives were quickly achieved, thanks in part to security-conscious founders, while ongoing efforts focus on integrating automation and improving reliability. As Kinde progresses, the emphasis is on enhancing internal tool integrations to streamline processes, reflecting their proactive and evolving security strategy as an early-stage startup.
Oct 07, 2022
875 words in the original blog post.