Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Google has made public the source code for OpenSK, a project that allows users to create their own security keys. [Read More]
All ProtonVPN applications have been made open source after undergoing independent security audits. [Read More]
Nearly 250 million Microsoft Customer Service and Support (CSS) records were found exposed to the Internet in insecure Elasticsearch databases. [Read More]
High-risk users are aware that they are more likely to be targeted by hackers compared to the general population, but many of them still have bad security habits, a Google survey shows. [Read More]
Facebook now alerts users when they interact with a third-party application using Facebook Login. [Read More]
Google has simplified the enrollment process for its Advanced Protection Program and it now allows users to activate a security key on their iPhone. [Read More]
Passwordless multi-factor authentication technology provider Trusona this week announced it has raised $20 million as part of a Series C funding round. [Read More]
Weak security measures in place at several major wireless carriers in the United States make it easy for attackers to perform SIM swap attacks on prepaid accounts, a recent study found. [Read More]
Facebook, Samsung and Ring have unveiled new or improved privacy and security tools at CES 2020. [Read More]
OpenSSL has evolved a great deal in terms of security since the disclosure of the Heartbleed vulnerability back in 2014. [Read More]

FEATURES, INSIGHTS // Identity & Access

rss icon

Josh Lefkowitz's picture
As the technology and tools to leverage stolen credentials advance, defenders should seek out innovative new ways to proactively flag exposed passwords leveraging insights gleaned from illicit communities and open-web dumps.
Jim Ducharme's picture
As the workforce continues to evolve, a one-size-fits-all approach won’t work for different identity and access management needs across organizations.
Torsten George's picture
Perimeter-based security, which focuses on securing endpoints, firewalls, and networks, provides no protection against identity- and credential-based threats.
Joshua Goldfarb's picture
Change may not always be on the docket, but when it is, how can we embrace it, understand it, and work to create a constructive environment around it?
Jim Ducharme's picture
In just about every case of digital identity, there seems to be a set of credential recovery mechanisms that are weaker than the authentication method itself.
Torsten George's picture
Organizations should recognize that not all authenticators are equally vulnerable to the mechanisms used to break the trust chain, which range from simple guesswork to coercion.
Jim Ducharme's picture
Now is the time to evaluate what methods of authentication will best serve your organization on the path to a passwordless future.
Jim Ducharme's picture
If you want to succeed with FIDO, you have to be ready. Now is the time to assess your organization’s authentication needs, how they are evolving, and the dynamics of your user population.
Jim Ducharme's picture
It’s time to address some myths about how facial recognition works, to help increase consumer comfort with biometric-authentication technology.
Torsten George's picture
Companies should consider moving to a Zero Trust approach, powered by additional security measures such as multi-factor authentication, to stay ahead of the security curve and leave passwords behind for good.