Introducing: Enterprise-Grade Identity and Access Management for Rocket.net Customers


Today, I’m happy to announce we’ve launched our all-new identity and access management (IAM) system at Rocket.net. This is a huge step forward for our platform as we continue to move away from legacy systems used during our launch phase of Rocket.net.

Initially, we were piggybacking off of a very popular system known as WHMCS for user logins, but it came with very minimal capabilities beyond logging in with an email and password and had limited flexibility on access control. While all passwords were still one-way hashes, there were several missing features required to provide the most safe and secure experience for our customers.

Ultimately, we decided to leverage a platform known as Auth0 (an Okta company) to extend enterprise functionality to our customer base. Today, customers can log in with their email and password as usual, but now you can also securely link third-party services such as Google and GitHub to make logging in a breeze.


On top of this, all users on Rocket.net can now benefit from Two-Factor Authentication (2FA, sometimes known as Multi-Factor Authentication, or MFA). Account owners even have the ability to force 2FA on sub accounts (found under the revised Users menu item) to help reduce the risk of account takeovers. In fact, we highly recommend all Rocket.net users implement our 2FA functionality for maximum security.

When it comes to your Rocket.net login, I’m happy to share that your password is encrypted and one-way hashed with the world’s best password hashing algorithm known as Argon2id. To take this a step further, each and every password on Rocket.net uses OWASP’s password storage best practices, including a unique salt and a global pepper alongside the Argon2id hashing algorithm. This makes it virtually impossible for anyone to recover an account password, even if they had access to the encrypted password hash.
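To make the salt and pepper roles concrete, here is an added example (not Rocket.net's or Auth0's code) of one common way to combine them: a per-password random salt fed to the memory-hard hash, then an HMAC keyed with a global pepper that is kept outside the database. How the pepper is actually applied on Rocket.net is not stated above, so the HMAC step, the function names and the parameters are assumptions; Argon2id is used when the third-party argon2-cffi package is installed, and scrypt from the standard library stands in otherwise.

```python
import hashlib
import hmac
import secrets

try:  # Argon2id via the third-party argon2-cffi package, if it is installed
    from argon2.low_level import Type, hash_secret_raw

    def _kdf(password: bytes, salt: bytes) -> bytes:
        # Assumed parameters: 19 MiB of memory, 2 passes, 1 lane
        return hash_secret_raw(password, salt, time_cost=2, memory_cost=19456,
                               parallelism=1, hash_len=32, type=Type.ID)
except ImportError:  # stand-in KDF: scrypt, NOT Argon2id
    def _kdf(password: bytes, salt: bytes) -> bytes:
        return hashlib.scrypt(password, salt=salt, n=2**14, r=8, p=1, dklen=32)


def hash_password(password: str, pepper: bytes) -> dict:
    """Build the record that goes in the database; the pepper is never in it."""
    salt = secrets.token_bytes(16)          # unique per password, stored with the hash
    inner = _kdf(password.encode(), salt)   # slow, memory-hard step
    tag = hmac.new(pepper, inner, hashlib.sha256).digest()  # keyed with the pepper
    return {"salt": salt.hex(), "hash": tag.hex()}


def verify_password(password: str, record: dict, pepper: bytes) -> bool:
    """Recompute with the stored salt and the server-side pepper, compare in constant time."""
    inner = _kdf(password.encode(), bytes.fromhex(record["salt"]))
    tag = hmac.new(pepper, inner, hashlib.sha256).digest()
    return hmac.compare_digest(tag, bytes.fromhex(record["hash"]))


if __name__ == "__main__":
    # Constructed sample values; a real pepper lives in a secrets manager or HSM.
    pepper = secrets.token_bytes(32)
    password = "correct horse battery staple"
    first = hash_password(password, pepper)
    second = hash_password(password, pepper)
    print("same password, different records:", first["hash"] != second["hash"])
    print("verifies with the right pepper:", verify_password(password, first, pepper))
    print("verifies with a wrong pepper:",
          verify_password(password, first, secrets.token_bytes(32)))
```

A database dump contains only the salt and the final tag, so offline guessing against it also requires the pepper, which is the property the paragraph above relies on.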

However, it’s not really the Rocket.net passwords we’re concerned with; it’s third-party services that do not follow best practices. You may or may not be familiar with the MOAB Data Breach, but essentially this breach contained billions of passwords from weak systems. The problem is, if you use the same username/password on other providers and they get breached, your login is now available to the world.

With 2FA set up, even if someone has your password, they would also need access to your authentication device to successfully log in. Adding this extra layer of security ensures maximum protection to keep hackers out.

The new Enterprise Identity Management system has been live for a while now and is completely transparent to customers outside of a shiny new login screen and much needed added capabilities.

Building off this identity work, we’ll now be able to easily offer SAML-based SSO for Enterprise clients who need to leverage their own identity providers for their staff logins at Rocket.net. In addition, we’ve put in place a new authorization system which allows for more granular access to features and resources on the Rocket.net platform which will allow us to expose the ability to customize access for sub accounts. These are just some of many things we have in store for 2024 at Rocket.net as we continue to push the envelope in our industry.