The Motley Fool, LLC got its start in 1993 as a financial media website, and the company’s sheer longevity is proof of its value. “The Motley Fool is one of the few pre-dot-com-bust tech companies to have survived that time period," explains principal software engineer Aaron Torgerson. "And the way we managed to do that was by being scrappy."

After the first tech bubble burst in the early 2000s, the company transitioned from an ad-supported model to a subscription-based stock-picking newsletters model. Then, they expanded from the newsletters into new, separate sister companies offering different services, such as wealth management and venture capital. Today, the company’s flagship Stock Advisor product has nearly a million subscribers, and The Motley Fool name is synonymous with smart investing.

In 2018, The Motley Fool’s team realized that its homegrown authentication system could no longer serve its growing roster of properties. “We wanted to be able to say, ‘We’ve got a first-rate system. We’re using the best technologies out there for securing your data,’” Torgerson says.

The Motley Fool needed an authentication system that could protect user data throughout its complex network of properties.

Getting Ahead of Customer Security Issues

User data privacy and security were The Motley Fool’s most pressing reasons for seeking out a new identity solution. “That old authentication system had many issues,” Torgerson says. “In order to solve a problem like user experience over here, we had to lower the bar of security over there.”

The Motley Fool wanted to upgrade its authentication security before it became a serious problem. “We had never had any serious data breaches,” Torgerson says. “But we also realized that time’s ticking, and with the system that we had in place, it was probably only a matter of time before something were to happen.”

But security wasn’t the only thing The Motley Fool was looking for in an authentication provider. “We wanted the benefits of things like social authentication and simpler forms of authentication like passwordless via email,” Torgerson explains. The team considered several options, but, according to Torgerson, only one provider had the right combination of security and user experience. “That’s how, ultimately, we ended up at Auth0.”

Auth0 Unites 12 Domains and 50 Apps

The Motley Fool signed on with Auth0 and started making use of Single Sign On (SSO) to ensure that premium subscribers could easily navigate across the company’s global suite of services. These encompass roughly 50 deployable apps spread across 12 domains. “That’s good because different areas of the site have different security requirements,” Torgerson says. “We use the settings in Auth0 on an application-to-application basis to ratchet things up and down. We might say, ‘Okay, for you to get into this site, we want to prompt MFA, whereas for this other site, we may want to look to other approaches.’”

The company is also using Passwordless login through email. Many of the emails the company sends to its members notifying them about recent stock picks or stock market updates contain “magic links,” links that, when clicked, prompt unauthenticated users to confirm their identity using one-time passcodes (OTP).  Torgerson describes the process: “The links check to see if you're already logged in. And if you're not logged in, they initiate the passwordless flow where they say, 'Hey, we just sent you a code. Can you put that code in this box to continue?'”

Security and UX, Growing Together

Looking ahead, The Motley Fool plans to implement social logins to give its users more options for frictionless authentication. So far, the authentication transition has been seamless for users. “It’s the same user experience, maybe a little prettier,” Torgerson says, “But on the back end, under the hood, it’s a bit more robust.”

Meanwhile, the company is making good use of Auth0’s Brute Force Protection. “We went through a pretty extended period, over a month, where we were getting hit with password spray attacks,” Torgerson says. He estimates that there were 20 such attempts, “but, thankfully, they were all failures.” Auth0’s monitoring of the incidents put the team at ease. “It was nice to know, (a) that it was happening, and (b) that we had something we could do about it. With our old system it was just a black box.”

On its mission to make the world smarter, happier, and richer, The Motley Fool is elevating its security profile while streamlining the user experience. Says Torgerson, “we wanted simple, secure authentication, so that’s why we chose Auth0.”