Security Experts:

long dotted


Passwords remain the bedrock of authentication, increasingly supported by SMS passcodes. But many companies won't introduce that second factor simply because of the increased user friction. [Read More]
Microsoft has paid a $13,000 reward for a vulnerability that could have been exploited to hijack Outlook, Office and Azure accounts [Read More]
CloudFlare says it blocks Tor traffic because 94% of it is malicious, but Tor believes most of it comes from a tiny fraction of users [Read More]
Yahoo has expanded its password-free approach to user security to more applications for Android and iOS devices, namely Yahoo Finance, Fantasy, Messenger, and Sports. [Read More]
A survey conducted by SailPoint shows that 1 in 5 employees would sell their work passwords to an outsider, in many cases for less than $1,000 [Read More]
Instagram, Facebook’s mobile photo-sharing and video sharing service, is finally getting a long requested security feature; two-factor authentication. [Read More]
Tens of thousands of digital video recorders used to store footage from surveillance cameras can be easily hacked due to hardcoded passwords [Read More]
Using VoIP phones with default settings can allow hackers to hijack devices and eavesdrop on communications, experts warn [Read More]
Intel Authenticate is a hardware-enhanced, multifactor authentication solution that strengthens identity protection on the PC, making it less vulnerable to identity and security credential attacks, the company said. [Read More]
Dell ships PCs with pre-installed self-signed root certificate that poses serious security and privacy risks [Read More]

FEATURES, INSIGHTS // Identity & Access

rss icon

Travis Greene's picture
Yahoo's “Account Key” uses push notifications to their Yahoo Mail app on mobile devices. Will this securely replace passwords and two-factor authentication?
Travis Greene's picture
The true value of identity is not in creating more defense in depth, which means that identity is not the new perimeter.
Travis Greene's picture
As much fun as it is to wake up to patches waiting to be unwrapped, we don’t want the regret of “exploit Wednesday”, which is far more embarrassing than becoming a victim of a zero-day exploit.
Travis Greene's picture
Can IT security find a way to coexist with wearables faster than the first BYOD war and avoid a second war?
Travis Greene's picture
No IT organization has a seemingly unlimited budget the way that Team Oracle did in the 2013 America’s Cup race. But look closer at why spending on America’s Cup racing seems so out of control and it starts to look a bit more familiar.
Travis Greene's picture
Security teams must bear equal, if not more responsibility, for reducing the risk of credential fatigue leading to inadvertent exposure.
Wade Williamson's picture
Network administrators have to remember that they are not just the protectors of the organization – they are also the most valuable targets.
Travis Greene's picture
Just like fumbles and interceptions derail a playbook plan, there are two ways that access certifications today are insufficient.
Travis Greene's picture
Like those college recruiting compliance departments that are constantly training, monitoring, and enforcing policies, the IT compliance activity of access certifications needs to become more intelligent and real-time.
Travis Greene's picture
It’s time for targeted complexity that balances the convenience that users demand with the security that organizations need. It’s a bit like teaching a new dog old tricks.