September 09, 2020 • INSIGHTS

Improving Security: Our Move to a New Authentication Method

PRISMA has launched a new in-house solution for two-factor authentication, part of our push for greater autonomy. IT Service Manager Mozhdeh Mousazadehkamdar explains the journey behind the change.

Since PRISMA's foundation, users have authenticated themselves on our platform via a third-party provider. But that’s now changing. We’ve begun rolling out a new in-house solution that offers more autonomy—for us internally and for our users externally. In this post, I’ll walk you through the thinking behind the move, the benefits it brings, and how we navigated the transition.

Building Independence from the Inside Out

Over the past year, we’ve focused on gaining more independence by insourcing key processes and tools. Our cloud migration in May and our ongoing refactoring program have paved the way for structural changes toward a leaner, domain-driven design.

This month marked another key milestone: the launch of the first phase of our new authentication service.

Changing how users log in had been on our radar for some time. Our previous authentication solution didn’t fully align with our needs—especially as we aimed to streamline user identities across devices and platforms. We knew we could do better. And now, we have.

A Win-Win for Security and Usability

As we explored options, it quickly became clear that moving to a more integratable and flexible service would unlock significant benefits—for our users and for PRISMA as a whole.

For users, the advantages are clear:

  • Stronger security through stricter password criteria and progressive account locking after failed login attempts.

  • Simplified access thanks to mobile tokens stored in a central smartphone app, replacing multiple hardware tokens.

  • Improved autonomy with a self-service registration and token assignment process.

  • Reliable backup access via SMS authentication—essential for industries where downtime can mean real financial impact.

For PRISMA, this means easier maintenance, fewer support requests, and tighter integration within our ecosystem. Our internal developers can now manage the system more efficiently, while AWS’s Business Support Package helps shoulder the support load.

How We Made It Happen

Of course, getting here wasn’t without its challenges. Transitioning to a new authentication system was a significant move, with both technical and organizational implications. Here’s how we tackled the biggest obstacles:

1. All Hands on Deck

Once we verified our proof of concept and locked in a solution, the clock started ticking. Hard deadlines can be stressful—but they’re also essential. Our agile approach proved invaluable, enabling cross-team collaboration at every level. From writing tickets to testing to communications, everyone pulled together to make it happen.

2. Phased Migration Strategy

With many teams juggling multiple development projects, capacity was a constant challenge. To manage this, we rolled out the new solution in phases—starting with a minimum viable product (MVP).

We also ran both the old and new authentication systems in parallel. The first phase was voluntary: users could opt into mobile tokens. This gave us time to gather feedback and fine-tune the system ahead of phase two, when hardware token users would be migrated. This phased approach maximized our prep time and allowed us to scale without cutting corners.

3. Putting Users First

User access is mission-critical, so we made sure our transition plan kept disruption to an absolute minimum. From the beginning, we adopted a user-centric mindset—communicating clearly, offering flexibility, and rolling out changes gradually.

We used newsletters, direct emails, and platform updates to keep users informed every step of the way. Transparency helped build trust and smoothed the path to adoption.

4. Tailored Solutions for Varied Needs

Our users aren’t a one-size-fits-all group. Some don’t use business smartphones—or aren’t allowed to use them to access PRISMA. For these cases, we provided customized hardware tokens that generate time-based one-time passwords (TOTP), ensuring secure and convenient access without requiring a phone.

What Comes Next

We’re confident that once all users have made the switch, the new system will provide a smooth, secure, and scalable experience—one that aligns with our broader goals of autonomy, agility, and operational excellence.

For our users, it means greater peace of mind. For PRISMA, it means continuing our journey as a forward-thinking, self-sufficient platform.
