Isaac Potoczny-Jones
Author Archives: Isaac Potoczny-Jones

Secure HTTPS Headers for JavaScript with Lambda@Edge

Delivering JavaScript securely is super important when you do crypto in the browser. Since the web version of our InnoVault product does browser-based key generation and encryption, it relies on secure JavaScript code delivery. With the help of the good folks at Amazon, Tozny has been running a pilot with Amazon Web Services’ (AWS) new Lambda@Edge capability to add secure HTTPS headers to the scripts we deliver on the CloudFront CDN. …

Tozny Launches InnoVault – Encryption Toolkit For Developers


We are proud to announce the release of our latest product, InnoVault — a toolkit that enables developers building websites, apps, and other software to easily embed end-to-end encryption for data security and privacy. 2016 saw a 40% increase in data breaches over 2015, and the team here at Tozny decided we wanted to do something about it. InnoVault is our answer to protecting user data with the same type of robust measures already used for credit cards, …

Tozny at HCSS

Tozny’s CEO, Isaac Potoczny-Jones, will be presenting at the High Confidence Software and Systems Conference (HCSS) on May 9, 2017.  Come learn about NIST’s Risk Management Framework and how you can apply it to your work.  And if you happen to be out in Annapolis, meet up with Isaac at the conference! @SyntaxPolice

Applying NIST’s New Privacy Risk Management Framework (Abstract)

NIST’s influential cybersecurity frameworks have been a cornerstone of the certification process. …

The Security Panacea: Striking Balance with Usability

To keep up in today’s competitive technology market, perfecting the user experience is a must, making added security measures a tough sell to leadership. We consistently see brands sacrifice security, adopting the attitude, ‘it won’t happen to me.’ But when it does (which it will), brands are unprepared and scrutinized for their lack of foresight.

Read the interview with Manuela Marques, tyntec’s Product Marketing Director, and Isaac Potoczny-Jones, CEO of Tozny, …

Visit Tozny at the RSA Conference

We are now in an age where security can be breached with just a simple push of a button. With today’s technological breakthroughs comes an increasing demand for more well-rounded and tightened cybersecurity. The tools required to protect each individual from cyber-attacks and threats have also proven that technical expertise is now not just a necessity, but of great significance as well.

RSA Conference will be held at Moscone Center in San Francisco, …

NIST Global City Teams Challenge Super Action Cluster Summit

Tozny recently participated in the Global City Teams Challenge Super Action Cluster Summit with a focus on the security and privacy of connected vehicles.

Feb 01, 2017 to Feb 02, 2017

12:30 pm — C123/124
Lunch Keynote: Data Protection, Privacy and Security, and Smart Cities
This panel will discuss transportation cybersecurity issues within a Smart Cities framework with an emphasis on privacy, trust, and identity, and EV charging, storage, …

Data Privacy for Activists

This past weekend, one of our great engineers, Greg Stromire, hosted a workshop entitled “Data Privacy for Activists” here in Portland. The twenty-five very curious audience members dug into topics like password practices, easy VPN use, encrypted email, and protecting your mobile device.

With how relevant this workshop was in the current environment, we thought we would post the top take-aways that Greg presented so everyone could benefit from his presentation.

Atlanta Streetcar has Tozny Built-In


We are excited to announce that the Atlanta Streetcar app was launched this morning with Tozny technology built in!  For the past year, moovel and Tozny worked together as part of a NIST Trusted Identities Group pilot to bring better digital identities technology to transit agencies.  Our technology allows for password-free secure authentication to mobile apps and web applications.  We have integrated the technology with moovel’s mobile app code, …

Galois Tech Talk: E3DB – Tozny’s End-to-End Encrypted Database

  • Date: Wednesday, December 07, 2016. Time: 11:00 AM
  • Speaker: Isaac Potoczny-Jones
  • Location: Galois Inc, 421 SW 6th Ave. Suite 300, Portland, OR, USA (3rd floor of the Commonwealth building)
  • Galois is pleased to host the following tech talk.
    These talks are open to the interested public–please join us!
    (There is no need to pre-register for the talk.)

Project E3DB is a tool for programmers who want to build an end-to-end encrypted database with sharing into their projects. …

Oregon Business asks Tozny CEO about public database breaches

Tozny CEO talks security breaches with Charlie Kawasaki and Oregon Business. “Prevention is actually by far the cheapest way to mitigate.”

Oregon’s rules for data breach reporting changed a year ago to require businesses and government agencies to notify the Attorney General’s office when a breach occurred impacting more than 250 Oregonians. The breaches are then logged into a public database, which lists suspected breach dates and a copy of the notice sent to consumers explaining what happened. …

Announcing Project E3DB: The End-to-End Encrypted Database

Welcome to E3DB! [Update: E3DB is out of preview and into production!] We are looking for early adopter developers to try Project E3DB and give us feedback.

Today, Project E3DB is a tool for programmers who want to build an end-to-end encrypted database with sharing into their projects. We are providing a command-line client for you to play with and a Java SDK to prototype with. …

Webinar – Do More with Data by Getting Privacy Right

The Mobile Data To Knowledge team (MD2K) recently hosted our CEO, Isaac Potoczny-Jones for a webinar about security and privacy in mHealth. Watch the video on YouTube!

Abstract: Obtaining user consent, enabling transparency, and securing data at rest are key security and privacy practices that let you do more with user data. Isaac will introduce an emerging type of technology called a Personal Data Service (PDS) that can facilitate mHealth, …

DNC’s Email Leak Reinforces NIST’s “Security Fatigue” Study

A newly released report from the National Institute of Standards and Technology (NIST) suggests that users are in a state of “security fatigue” that leads them to risky behavior in their digital lives.

The study defines security fatigue as a weariness or reluctance to deal with computer security.  “Researchers found that the result of weariness leads to feelings of resignation and loss of control. These reactions can lead to avoiding decisions, …

10 Unnerving Privacy Fails Thru Data Aggregation

There’s an old story that a reporter would always know when the US military was planning a big operation because they would order pizzas in the evening to support their secret late-night planning sessions. Similarly, during the Cold War, Soviet intelligence agent Yuri Totrov could distinguish diplomats from CIA agents using data like pay scale, recruitment age, education, naturalization, and where they worked when they returned home from foreign postings.

What do these stories have in common? …

Post Yahoo, Passwords are Passé

14% of Worldwide Internet Users Were Exposed

I’m sure if you are reading this, you are already aware of the historic Yahoo data breach that was announced last week. 500 million accounts affected — the largest number of accounts ever affected by a known breach. Let’s put that into perspective — according to the US Census Population Clock, the current population of the US is 324 million. That means this hack could have contained an account for every single person in the United States and still had 126 million accounts to spare. …

What’s next after SMS one-time passwords?

NIST has gotten a lot of attention lately because they pointed out that SMS is less secure than many people think, and if you’re trying to shore up passwords with a second login method, you should probably consider using something that’s more secure. This type of “shoring up” of passwords is called two factor authentication, or 2FA for short.

People use 2FA for lots of stuff, from protecting classified information to protecting your Tweets. …
