It’s not a matter of “if” but “when” your website is going to come under attack by hackers. With breaches on the rise and more increasingly being reported in the news, the liability your company faces and the investment your customers demand for the protection of their data requires businesses of all sizes to implement best practices in regards to cybersecurity.  BlindHash Cybersecurity enhances the password security of the Magento platform rendering an offline attack like the recent (Equifax, Yahoo, Deloitte) virtually impossible. Our extension is the most secure way to protect your customers' passwords and your brand. 

 

WHO SHOULD USE THE PLUGIN? 

Any Magento site that stores user passwords should use this plugin, even if you are not storing credit card or financial data. Your customers' passwords are some of the most valuable data that your site holds, and Magento passwords are particularly at-risk. If for any reason you have a breach, then you must assume that your clients' passwords have been compromised. When this happens you must notify customers and implement a company wide password reset. With the BlindHash™ Password Protection plugin, we ensure that this never happens. BlindHash™ completely secures any password, even if your password database is stolen. 

 

HOW DOES IT WORK?

The BlindHash™ Password Protection plugin is easy to install, and completely invisible to your users. There is no change in how your users login, and no need to reset or change passwords. Your customers login just like they normally would, but now their passwords are secured against being cracked, even if your site is breached. The BlindHash Password Protection extension can be installed on Magento versions 1.9 - 2.2, and with a single click will automatically upgrade the security on all your existing Magento accounts. Our patented technology provides better password security, at a higher performance and dramatically lower cost than traditional hashing.

 

OUR COMPANY SITE IS HOSTED AT A DATA CENTER. DO WE STILL NEED THIS PROTECTION? 

Absolutely you still need it. Hosting sites are typically more secure than stand alone installations, but they secure against physical and electronic intrusion. Magento password hashes are stored the same way whether you are using a hosting service or not. Many of the reported breaches from 2016 and the first half of 2017 were of sites that were hosted in third party data centers.

 

INSTALLING THE PLUGIN

You will receive an email with the installation package and an ‘AppID Token’ after you submit payment for the plugin.  Simply select and install the extension through the Magento Connect Manager. Once the plugin is installed, click Configure, and you will enter the AppID Token, and click Save.

 

USING THE PLUGIN 

Once the plugin is installed and your AppID is entered, there is nothing left to do. Your passwords will be protected going forward. If your volume of online traffic changes dramatically, you should notify us at info@blindhash.com so we can adjust your limits.