How The Motley Fool Delivers Better Security and UX With Auth0
An IAM upgrade protects user data, while simplifying authentication
About
The Motley Fool’s purpose is to make the world smarter, happier, and richer. We provide a variety of solutions to improve many areas of your financial life, including your investment portfolio, personal finances, real estate holdings, company, and career. The Motley Fool is headquartered in Alexandria, Va., with offices in Denver and Sydney, Australia, and serves investors and businesses in the UK, Australia, Hong Kong, Canada, Singapore, and Germany.
Industry
Financial Services
Region
AMER
The Motley Fool, LLC got its start in 1993 as a financial media website, and the company’s sheer longevity is proof of its value. “The Motley Fool is one of the few pre-dot-com-bust tech companies to have survived that time period," explains principal software engineer Aaron Torgerson. "And the way we managed to do that was by being scrappy."
After the first tech bubble burst in the early 2000s, the company transitioned from an ad-supported model to a subscription model built around stock-picking newsletters. It then expanded from the newsletters into new, separate sister companies offering different services, such as wealth management and venture capital. Today, the company’s flagship Stock Advisor product has nearly a million subscribers, and The Motley Fool name is synonymous with smart investing.
In 2018, The Motley Fool’s team realized that its homegrown authentication system could no longer serve its growing roster of properties. “We wanted to be able to say, ‘We’ve got a first-rate system. We’re using the best technologies out there for securing your data,’” Torgerson says.
The Motley Fool needed an authentication system that could protect user data throughout its complex network of properties.
Getting Ahead of Customer Security Issues
User data privacy and security were The Motley Fool’s most pressing reasons for seeking out a new identity solution. “That old authentication system had many issues,” Torgerson says. “In order to solve a problem like user experience over here, we had to lower the bar of security over there.”
The Motley Fool wanted to upgrade its authentication security before it became a serious problem. “We had never had any serious data breaches,” Torgerson says. “But we also realized that time’s ticking, and with the system that we had in place, it was probably only a matter of time before something were to happen.”
But security wasn’t the only thing The Motley Fool was looking for in an authentication provider. “We wanted the benefits of things like social authentication and simpler forms of authentication like passwordless via email,” Torgerson explains. The team considered several options, but, according to Torgerson, only one provider had the right combination of security and user experience. “That’s how, ultimately, we ended up at Auth0.”
Auth0 Unites 12 Domains and 50 Apps
The Motley Fool signed on with Auth0 and began using single sign-on (SSO) so that premium subscribers could move easily across the company’s global suite of services, which encompasses roughly 50 deployable apps spread across 12 domains. Because each property is registered as its own Auth0 application, authentication policy can be set per property rather than once for the whole estate. “That’s good because different areas of the site have different security requirements,” Torgerson says. “We use the settings in Auth0 on an application-to-application basis to ratchet things up and down. We might say, ‘Okay, for you to get into this site, we want to prompt MFA, whereas for this other site, we may want to look to other approaches.’”
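The per-application policy Torgerson describes is the kind of thing an Auth0 post-login Action expresses: Auth0 hands the Action an `event` describing the login (including `event.client.client_id` for the application and `event.authentication.methods` for what the user has already done this session) and an `api` object whose `api.multifactor.enable("any", …)` call makes Auth0 prompt for whichever MFA factor the tenant has enabled. The code below is an added example, not The Motley Fool’s or Auth0’s own; the client IDs and the policy table mapping them to requirements are placeholders invented for illustration.

```javascript
// Added example: Auth0 post-login Action that enforces MFA per application.
// Not The Motley Fool's or Auth0's own code. The client IDs and the policy
// table are hypothetical placeholders; `event` and `api` are supplied by
// Auth0 when the Action runs.

// Hypothetical policy table. Applications not listed fall through to the
// tenant default (no forced prompt from this Action).
const MFA_POLICY = {
  "CLIENT_ID_PREMIUM_PORTAL": { mfa: true, oncePerSession: true },  // subscriber app: prompt once per SSO session
  "CLIENT_ID_ADMIN_CONSOLE":  { mfa: true, oncePerSession: false }, // staff tool: prompt on every login
  "CLIENT_ID_PUBLIC_SITE":    { mfa: false },                       // free content: no MFA
};

// True when the user already completed MFA earlier in this session; Auth0
// records each completed method in event.authentication.methods.
function completedMfaThisSession(event) {
  const methods = (event.authentication && event.authentication.methods) || [];
  return methods.some((m) => m.name === "mfa");
}

// Pure decision, kept apart from the Auth0 API so it can be unit-tested.
// Returns "prompt", "already-satisfied" or "not-required".
function mfaDecision(event) {
  const clientId = event.client && event.client.client_id;
  const policy = MFA_POLICY[clientId];
  if (!policy || !policy.mfa) return "not-required";
  if (policy.oncePerSession && completedMfaThisSession(event)) return "already-satisfied";
  return "prompt";
}

// Auth0 entry point for a post-login Action (deployed as
// exports.onExecutePostLogin in the Actions editor).
async function onExecutePostLogin(event, api) {
  if (mfaDecision(event) !== "prompt") return;
  const policy = MFA_POLICY[event.client.client_id];
  // Only the "once per session" apps may let the browser be remembered;
  // the always-prompt apps get a fresh challenge every time.
  api.multifactor.enable("any", { allowRememberBrowser: Boolean(policy.oncePerSession) });
}

if (typeof module !== "undefined") {
  module.exports = { onExecutePostLogin, mfaDecision, MFA_POLICY };
}
```

The split between `mfaDecision` and `onExecutePostLogin` is deliberate: the policy can be tested with plain objects, and the only Auth0-specific call sits in one place. Note that an Action that checks for prior MFA in the session is what keeps SSO users from being challenged again on every property they visit.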
The company also uses passwordless login through email. Many of the emails it sends to members, notifying them about recent stock picks or stock market updates, contain “magic links.” Clicking one does not by itself authenticate the member: the link first checks for an existing session and, if there is none, starts the passwordless flow, which emails a one-time passcode (OTP) that the member enters to prove control of the address. Torgerson describes the process: “The links check to see if you’re already logged in. And if you’re not logged in, they initiate the passwordless flow where they say, ‘Hey, we just sent you a code. Can you put that code in this box to continue?’”
“We use the settings in Auth0 on an application-to-application basis to ratchet things up and down. We might say, ‘Okay, for you to get into this site, we want to prompt MFA, whereas for this other site, we don’t care about that.’”
Aaron Torgerson, Principal Software Engineer
Security and UX, Growing Together
Looking ahead, The Motley Fool plans to implement social logins to give its users more options for frictionless authentication. So far, the authentication transition has been seamless for users. “It’s the same user experience, maybe a little prettier,” Torgerson says, “But on the back end, under the hood, it’s a bit more robust.”
Meanwhile, the company is making good use of Auth0’s Brute Force Protection. “We went through a pretty extended period, over a month, where we were getting hit with password spray attacks,” Torgerson says. He estimates that there were 20 such attempts, “but, thankfully, they were all failures.” A password spray tries a few common passwords against many accounts rather than many passwords against one, so each account stays below a per-user lockout threshold; catching it means correlating failures across accounts, for example by source IP, rather than counting failures per account. Auth0’s monitoring of the incidents put the team at ease. “It was nice to know, (a) that it was happening, and (b) that we had something we could do about it. With our old system it was just a black box.”
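What “knowing that it was happening” looks like in practice is a detector that correlates failed logins by source rather than by account. The following is an added example, not The Motley Fool’s or Auth0’s own code, run over a constructed batch of log records: the field names follow Auth0 log entries (`type`, `ip`, `user_name`, `date`) and the type codes are Auth0’s (`fp` = wrong password, `fu` = unknown user, `s` = successful login), but the addresses, accounts and timestamps are invented. A real deployment would feed it from the tenant log stream, which is an assumption about how you would wire it up.

```javascript
// Added example: password-spray detection over Auth0-style login logs.
// Not The Motley Fool's or Auth0's own code. The records are constructed for
// illustration: field names follow Auth0 log entries (type, ip, user_name,
// date) and the type codes are Auth0's ("fp" = wrong password, "fu" = unknown
// user, "s" = successful login), but addresses, users and times are invented.

const SAMPLE_LOGS = [];
let t = Date.parse("2021-03-01T10:00:00Z");

// Attacker at 203.0.113.7 tries two common passwords against six accounts,
// one attempt per account per pass, 15 seconds apart: wide and shallow.
const TARGETS = ["alice", "bob", "carol", "dave", "erin", "frank"];
for (let pass = 0; pass < 2; pass++) {
  for (const u of TARGETS) {
    t += 15 * 1000;
    SAMPLE_LOGS.push({ type: "fp", ip: "203.0.113.7", user_name: `${u}@example.com`, date: new Date(t).toISOString() });
  }
}
// A guessed address that does not exist in the tenant.
t += 15 * 1000;
SAMPLE_LOGS.push({ type: "fu", ip: "203.0.113.7", user_name: "grace@example.com", date: new Date(t).toISOString() });

// A legitimate member at 198.51.100.20 mistypes her password five times and
// then succeeds: deep on one account, which is not a spray.
let legit = Date.parse("2021-03-01T10:02:00Z");
for (let i = 0; i < 5; i++) {
  legit += 20 * 1000;
  SAMPLE_LOGS.push({ type: "fp", ip: "198.51.100.20", user_name: "carol@example.com", date: new Date(legit).toISOString() });
}
SAMPLE_LOGS.push({ type: "s", ip: "198.51.100.20", user_name: "carol@example.com", date: new Date(legit + 20 * 1000).toISOString() });

const FAILED_LOGIN_TYPES = new Set(["f", "fp", "fu"]);

// Flags each source IP whose failed logins, inside some sliding window of
// windowMs, touch at least minDistinctUsers accounts while no single account
// sees more than maxPerUser attempts. Per-account lockout never fires on
// such traffic, which is why it has to be correlated by source.
function detectPasswordSpray(logs, { windowMs = 10 * 60 * 1000, minDistinctUsers = 5, maxPerUser = 3 } = {}) {
  const byIp = new Map();
  for (const rec of logs) {
    if (!FAILED_LOGIN_TYPES.has(rec.type)) continue;
    const ts = Date.parse(rec.date);
    const user = (rec.user_name || "").toLowerCase();
    if (Number.isNaN(ts) || !user) continue; // malformed or anonymous record
    if (!byIp.has(rec.ip)) byIp.set(rec.ip, []);
    byIp.get(rec.ip).push({ ts, user });
  }

  const alerts = [];
  for (const [ip, events] of byIp) {
    events.sort((a, b) => a.ts - b.ts);
    const inWindow = new Map(); // user -> attempts inside the current window
    let start = 0;
    let best = null;
    for (let end = 0; end < events.length; end++) {
      const u = events[end].user;
      inWindow.set(u, (inWindow.get(u) || 0) + 1);
      // Slide the window start forward until it spans at most windowMs.
      while (events[end].ts - events[start].ts > windowMs) {
        const old = events[start].user;
        const n = inWindow.get(old) - 1;
        if (n === 0) inWindow.delete(old); else inWindow.set(old, n);
        start++;
      }
      const distinct = inWindow.size;
      const deepest = Math.max(...inWindow.values());
      if (distinct >= minDistinctUsers && deepest <= maxPerUser && (!best || distinct > best.distinctUsers)) {
        best = {
          ip,
          distinctUsers: distinct,
          attempts: end - start + 1,
          windowStart: new Date(events[start].ts).toISOString(),
          windowEnd: new Date(events[end].ts).toISOString(),
        };
      }
    }
    if (best) alerts.push(best);
  }
  return alerts;
}

if (typeof module !== "undefined") {
  module.exports = { detectPasswordSpray, SAMPLE_LOGS };
}
```

On the constructed batch the attacker’s address is reported once, covering seven accounts in thirteen attempts, while the member who fumbled her own password five times is not, because a single account with repeated failures is the brute-force shape, not the spray shape. The `maxPerUser` cap is what separates the two; tune it and the window against your own tenant’s baseline before alerting on it.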
On its mission to make the world smarter, happier, and richer, The Motley Fool is elevating its security profile while streamlining the user experience. Says Torgerson, “We wanted simple, secure authentication, so that’s why we chose Auth0.”
Auth0, a product unit within Okta, takes a modern approach to identity and enables organizations to provide secure access to any application, for any user. The Auth0 Identity Platform is highly customizable, and is as simple as development teams want, and as flexible as they need. Safeguarding billions of login transactions each month, Auth0 delivers convenience, privacy, and security so customers can focus on innovation. For more information, visit https://auth0.com.