Blog

Andrew Mitchell

Recent Posts

Reddit_Lockup_OnWhite

MFA Strategies: Not All are Created Equal

by Andrew Mitchell August 3, 2018

This week Reddit disclosed a data breach, the result of account-takeover attacks targeting Reddit employees with access to user data. The attack worked because these Reddit employees used SMS-based Multi-Factor Authentication (MFA). This exposed them to a popular social-engineering attack where the assailant is able to intercept text messages by fooling the target’s cell phone provider. In these types of attacks, the perpetrator does not need to be particularly sophisticated or even technical.

Read More
header

Multi-Factor Authentication for Accounts

by Andrew Mitchell March 10, 2017

Today we're happy to announce Multi-Factor Authentication for the TrueVault Management Console. Many of the threats our customers face are the result of human, not technical, errors. Social Engineering encompasses a broad range of attacks that are especially difficult to defend against because they exploit human mistakes: clicking on a phishing link, typing a password in public, running dubious software, joining an untrusted network, etc. TrueVault is working hard to keep your data safe even...

Read More
membership

Better Access Control with Less Configuration: Ownership

by Andrew Mitchell January 26, 2017

A major pillar of security is access control. It doesn't matter how strong your encryption is if your access control rules are too broad and you unintentionally give the wrong user access to too much information. At TrueVault, we strive to make it easy for you to build a secure product from top to bottom. This means that it's not enough for us to put your data in an iron-clad vault; we also need to help you precisely control access to each record.

Read More

Why Friday's Massive DDoS Attack Should be Terrifying

by Andrew Mitchell October 22, 2016

Friday's massive DDoS attack made a number of hugely popular websites unavailable for much of the country for large parts of the day. Our service wasn't directly affected by this incident, but the nature and scope of this attack is tremendously worrisome. DDoS In a Denial of Service (DoS) attack, the perpetrator overwhelms a target company by flooding their service with so much phony traffic that their service is unable to serve authentic requests.

Read More

Sending Personalized Email with TrueVault

by Andrew Mitchell September 15, 2016

TrueVault has partnered with SendGrid to send personalized emails to your customers using the TrueVault API. This post walks you through the integration process and shouldn't take more than fifteen minutes to complete. Setup in SendGrid The first thing to do is setup a new SendGrid Account. If you just want to try this out, you can take advantage of SendGrid's generous free plan, which lets you send 12k emails per month.

Read More

Keep Your Data Out Of The Wrong Hands

by Andrew Mitchell June 9, 2016

We approach security from two angles: prevention and mitigation. Of course we do everything we can to prevent a breach, but we know that isn't enough. History has proven that the software we all depend on has vulnerabilities. We design systems with this reality in mind, and do everything we can to mitigate the damage if a breach occurs. Today we're asking for feedback on a product our R&D department is exploring, which will drastically reduce your exposure if your system is compromised.

Read More
All posts

Latest Posts

Should Utah's Privacy Law Be on Your Radar?

Phillip Walters / November 17, 2022

Connecticut’s Privacy Law: Does It Apply to Your Business?

Phillip Walters / November 10, 2022

Global Privacy Control: A New Requirement for Compliance

Phillip Walters / November 7, 2022

A Cookie Banner Isn't Enough for CCPA Compliance

Phillip Walters / October 27, 2022

Why CCPA Compliance Matters to HR

Phillip Walters / October 21, 2022

Mailing List

Company

Developers

Latest Posts

Contact Us

201 Mission Street, 12th Floor
San Francisco, CA 94105
Email: hello@truevault.com

2024 © All Rights Reserved.  Privacy Policy  |  Terms of Use  |  Supplemental Terms | California Privacy Notice