Vega’s Sirius web portal has been built by a team of expert developers, penetration tested by professionals, and used to protect our customers’ data successfully for decades.
As you might imagine from an application with such a track record, Sirius contains many layers of protection against attack. In this post we will cover some of the ways in which Sirius protects usernames and passwords.
Usernames and passwords are two key bits of information which are required to access Sirius, and are therefore extremely important pieces of data to protect.
One of the main threats to the security of a password protected account, is that someone can attempt to guess a user’s login credentials – their username and password. Sirius protects against this in multiple ways:
- Firstly, Sirius requires each user to set up a strong password. There are various configurable rules within Sirius which require passwords to meet certain criteria. To give a few examples: a password must have a minimum length; it must contain both characters and letters; and it cannot be the same as a previously used password. Together, these rules make any attempt to guess a user’s password far more difficult.
- Secondly, Sirius doesn’t give a bad actor trying to guess user credentials any helpful information. A hacker trying to gain access to a user account by simply guessing credentials won’t even be told whether or not they are attempting to log in to a valid account. This stops the hacker from being able to use login attempts in order get information about which usernames are valid.
- Thirdly, to make things even more difficult for an attacker who is attempting to guess passwords, each user account is only allowed a small number of incorrect login attempts, before the account is locked out. This prevents “brute force” attempts to guess account credentials, by using an algorithm to try lots of username-password combinations in a short space of time.
To summarise, passwords in Sirius are required to be strong; Sirius itself gives bad actors no useful information about whether they are even attempting to access a valid account; and only a small number of incorrect attempts are allowed, before an account is locked out. The combination of these measures makes it almost impossible for someone to gain access to a Sirius account by simply guessing user credentials.
These are just some of the protections that the Sirius web portal offers. We will cover more here in the future. If you are serious about your web portal security, and would like to learn more about what Sirius can do you for, contact us now.