
The Kerberos authentication protocol enables a disabled user account to remain valid for up to 10 hours after having been revoked, researchers say.
The "Covert Redirect" security issue uncovered in login tools OAuth and OpenID places the responsibility for user security in the wrong place, experts say.
NetSupport, a remote management tool used in some enterprises, can be exploited by attackers to remotely connect to a host without needing any passwords, according to a Trustwave researcher.
Entrust launched a new cloud-based service that consolidates the management of digital identities, SSL certificates and credentials via a single solution platform.
Many businesses are looking at SMS-based two-factor authentication as a way to improve verification of customer identities, according to a new survey.
In response to the vulnerabilities and hassles of the antiquated username-and-password formula, Winfrasoft has developed an alternative based on a four-color grid with numbers inside that resembles a Sudoku puzzle.
Google has quietly acquired security startup SlickLogin, an Israeli company working on innovative authentication solutions that leverage mobile and audio technology.
A new report by Dell SecureWorks researchers shines the light on the most prevalent banking Trojans of 2013.
The attack against the contractor, Fazio Mechanical Services, supports earlier claims that it was the vendor attackers stole credentials from in order to breach the retail giant.
The number sequence "123456" has overtaken "password" as the most common worst password among Internet users, an online security firm says.

FEATURES, INSIGHTS // Identity & Access

Tal Be'ery
When it comes to setting the standards for crucial internet functionality such as authentication, the Internet community must remain vigilant and carefully examine and scrutinize change proposals, to ensure they support the greater good of all Internet users.
Mike Lennon
Enjoy this selection of top picks for 2010, listed in no particular order. Happy New Year!
Tom Grubb
The day after the Twin Towers fell, all kinds of security measures changed and new ones were implemented overnight. Is there a Web identity 911 equivalent wake-up call coming—a single event that will suddenly jolt us into enforced standards overnight?
Ram Mohan
Are your passwords safe? Three simple ways to create memorable yet secure passwords
Jimmy Sorrells
The WikiLeaks exposure highlights a clear need for a change in the way many classified networks are architected and managed, the way organizations manage their most sensitive information, and should also be looked at as a red flag by enterprises.
Markus Jakobsson
In 1998, Intel announced the introduction of processor identities. Anti-fraud practitioners celebrated, security experts busied themselves thinking of the research implications, and privacy advocates were terrified...