
NEWS & INDUSTRY UPDATES

Four major wireless U.S. carriers are developing a new single sign-on variant they believe will finally do away with passwords.
Researchers say a UK-based document printing and binding company leaked hundreds of gigabytes of information, including sensitive military documents, via an unprotected AWS server.
NIST and DHS published a series of recommendations on how to ensure that virtual meetings and connections to enterprise networks are protected from prying eyes.
Axis Security, a company that specializes in private application access, has emerged from stealth mode with $17 million in funding.
Researchers have discovered 16 types of vulnerabilities, including many backdoors, in Zyxel’s CloudCNM SecuManager network management software.
Google has released a new tool designed to identify potential USB keystroke injection attacks and block devices they originate from.
Identity management firm Auth0 has added a collection of threat intelligence tools and capabilities designed to protect customers from identity attacks.
Google has announced that Android and macOS users can now use more web browsers to initially register security keys to their accounts.
Free and open certificate authority (CA) Let’s Encrypt has decided that it will not revoke one million of the certificates affected by the recent CAA recheck bug.
Most Intel chipsets are affected by a vulnerability that can be exploited to obtain protected information and compromise data protection technologies.

FEATURES, INSIGHTS // Identity & Access

Torsten George
Static passwords lack the ability to verify whether the user accessing data is authentic or just someone who bought a compromised password.
Jim Ducharme
If there’s one thing you can be sure of about user authentication methods today, it’s that determining the best choice isn’t as simple or straightforward as it used to be.
Josh Lefkowitz
As the technology and tools to leverage stolen credentials advance, defenders should seek out innovative new ways to proactively flag exposed passwords leveraging insights gleaned from illicit communities and open-web dumps.
Jim Ducharme
As the workforce continues to evolve, a one-size-fits-all approach won’t work for different identity and access management needs across organizations.
Torsten George
Perimeter-based security, which focuses on securing endpoints, firewalls, and networks, provides no protection against identity- and credential-based threats.
Joshua Goldfarb
Change may not always be on the docket, but when it is, how can we embrace it, understand it, and work to create a constructive environment around it?
Jim Ducharme
In just about every case of digital identity, there seems to be a set of credential recovery mechanisms that are weaker than the authentication method itself.
Torsten George
Organizations should recognize that not all authenticators are equally vulnerable to the mechanisms used to break the trust chain, which range from simple guesswork to coercion.
Jim Ducharme
Now is the time to evaluate what methods of authentication will best serve your organization on the path to a passwordless future.
Jim Ducharme
If you want to succeed with FIDO, you have to be ready. Now is the time to assess your organization’s authentication needs, how they are evolving, and the dynamics of your user population.