Identity and access management
Identity is often considered the perimeter in infosec, especially as traditional enterprise perimeters dissolve. Identity and access management is critical to maintain data security. From passwords to multifactor authentication, SSO to biometrics, get the latest advice on IAM here.
Top Stories
-
Feature
20 Dec 2024
Identity and access management tools and features for 2025
The IAM tool marketplace is complex and ever-changing. Learn about key features and how to discern what your organization needs before approaching potential providers. Continue Reading
-
News
19 Dec 2024
BeyondTrust SaaS instances breached in cyberattack
BeyondTrust, a privileged access management vendor, patched two vulnerabilities this week after attackers compromised SaaS instances for a 'limited number' of customers. Continue Reading
-
Tip
27 Jul 2022
SSH2 vs. SSH1 and why SSH versions still matter
The Secure Shell protocol, SSH, was redesigned and released as SSH2 in 2006. While SSH1 lingers for legacy uses, find out how the protocols differ and why it's important. Continue Reading
-
News
26 Jul 2022
AWS issues MFA call to action at re:Inforce 2022
To reduce growing attack surfaces in the cloud, AWS executives emphasized the importance of implementing MFA to protect accounts and blocking public access to cloud resources. Continue Reading
-
Tip
22 Jul 2022
Top 10 enterprise data security best practices
To protect your organization's data and prevent its misuse, incorporate these 10 data security best practices into your enterprise data security strategy. Continue Reading
-
Feature
08 Jul 2022
Top 7 types of data security technology
These seven types of data security technologies -- from encryption to masking -- will better protect customer and enterprise data from inappropriate and unauthorized access and use. Continue Reading
-
News
23 Jun 2022
Access management issues may create security holes
Employees who aren't credentialed to access corporate systems to do their jobs find ways around the red tape that could lead to security breaches. Continue Reading
-
Definition
17 Jun 2022
X.509 certificate
An X.509 certificate is a digital certificate that uses the widely accepted international X.509 public key infrastructure (PKI) standard to verify that a public key belongs to the user, computer or service identity contained within the certificate. Continue Reading
-
News
15 Jun 2022
Microsoft takes months to fix critical Azure Synapse bug
Orca Security discovered that inadequate tenant separation in Microsoft's Azure Synapse service could allow a threat actor to steal credentials from thousands of customers. Continue Reading
-
Feature
10 Jun 2022
3 types of PKI certificates and their use cases
Public key infrastructure helps authenticate senders via cryptography and digital certificates. Learn about three types of PKI certificates and their use cases. Continue Reading
-
Answer
09 Jun 2022
Are 14-character minimum-length passwords secure enough?
When it comes to minimum password length, 14-character passwords are generally considered secure, but they may not be enough to keep your enterprise safe. Continue Reading
-
News
08 Jun 2022
SANS lists bad backups, cloud abuse as top cyberthreats
A panel of experts from the SANS Institute took the stage at RSA Conference 2022 to weigh in on some of the biggest threats and risks facing security teams. Continue Reading
-
News
07 Jun 2022
Microsoft details zero-trust transition, challenges
Over the past three years, Microsoft has moved to a zero-trust framework. Security engineers outlined the transition and its challenges during a session at RSA Conference 2022. Continue Reading
-
Tutorial
02 Jun 2022
Improve Azure storage security with access control tutorial
These step-by-step guidelines detail how to grant limited access in Microsoft Azure storage. This best practice helps keep storage secure from internal and external threats. Continue Reading
-
News
24 May 2022
MFA technology is rapidly evolving -- are mandates next?
The evolving landscapes of both the modern workplace and cyberthreats have paved the way for some organizations to require multifactor authentication protection. Will others join? Continue Reading
-
Feature
20 May 2022
Apple, Microsoft, Google expand FIDO2 passwordless support
Achieving true passwordless experiences begins with companies working together to adopt standards that enable customers to use multiple devices seamlessly, regardless of OS. Continue Reading
-
News
19 May 2022
Small businesses under fire from password stealers
Kaspersky researchers tracked notable increases in password-stealing Trojans, RDP attacks and other cyberthreats against small businesses in various countries. Continue Reading
-
Guest Post
17 May 2022
5 steps to ensure a successful access management strategy
Access management is top of mind for organizations, especially in the hybrid workspace. Follow these five steps to create an access management strategy that benefits all users. Continue Reading
-
News
28 Apr 2022
Lapsus$ targeting SharePoint, VPNs and virtual machines
From social engineering attacks to admin tools, a recent NCC Group report examined the tactics used by Lapsus$ to breach companies like Microsoft, Nvidia and Samsung. Continue Reading
-
Definition
28 Apr 2022
man-in-the-middle attack (MitM)
A man-in-the-middle (MitM) attack is a type of cyber attack in which the attacker secretly intercepts and relays messages between two parties who believe they are communicating directly with each other. Continue Reading
-
Feature
27 Apr 2022
Why companies should focus on preventing privilege escalation
If attackers can elevate privileges once inside a system, their access can be unlimited. Discover common privilege escalation techniques and how to mitigate them. Continue Reading
-
Definition
20 Apr 2022
WLAN Authentication and Privacy Infrastructure (WAPI)
WLAN Authentication and Privacy Infrastructure (WAPI) is a wireless local area network security standard officially supported by the Chinese government. Continue Reading
-
News
18 Apr 2022
Stolen OAuth tokens lead to 'dozens' of breached GitHub repos
Stolen OAuth tokens issued to Heroku and Travis CI were used to download data from the private repositories of 'dozens of organizations,' including GitHub subsidiary npm. Continue Reading
-
Definition
18 Apr 2022
built-in administrator account
In the Windows operating system, the built-in administrator account -- the first account created when the OS was installed -- has the highest permissions of any profile on the computer system. Continue Reading
-
News
14 Apr 2022
VMware Workspace One flaw actively exploited in the wild
Multiple threat intelligence providers have detected threat activity related to the VMware Workspace One flaw, including cryptocurrency mining activity. Continue Reading
-
Tutorial
14 Apr 2022
Get started with Azure AD entitlement management automation
Identity governance tasks in Azure Active Directory can be overwhelming, but understanding how to use Microsoft Graph and PowerShell to work with these settings will help. Continue Reading
-
Tip
07 Apr 2022
5 key elements of data tenancy
Data tenancy is a key piece of any data protection scheme and can be crafted around five building blocks to provide safe, secure data access to users. Continue Reading
-
Definition
07 Apr 2022
Open System Authentication (OSA)
Open System Authentication (OSA) is a process by which a computer could gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol. Continue Reading
-
Feature
06 Apr 2022
How secure are one-time passwords from attacks?
Adding an additional authentication layer makes it harder for attackers to get into accounts, but not all authentication factors are equal -- especially when it comes to OTPs. Continue Reading
-
Definition
06 Apr 2022
AAA server (authentication, authorization and accounting)
An AAA server is a server program that handles user requests for access to computer resources and, for an enterprise, provides authentication, authorization and accounting (AAA) services. Continue Reading
-
Feature
04 Apr 2022
How to implement OpenID Connect for single-page applications
The OpenID Connect authentication protocol can be used to secure a variety of applications. This excerpt teaches developers how it works with single-page applications. Continue Reading
-
Feature
04 Apr 2022
How to use OpenID Connect for authentication
OpenID Connect has become a trusted protocol to connect with identity providers. Explore how to use it for IAM, common threats to be aware of and how to connect to multiple IdPs. Continue Reading
-
Definition
04 Apr 2022
Luhn algorithm (modulus 10)
The Luhn algorithm, also called modulus 10 or modulus 10 algorithm, is a simple mathematical formula used to validate a user's identification numbers. Continue Reading
-
Definition
31 Mar 2022
authentication server
An authentication server is an application that facilitates the authentication of an entity that attempts to access a network. Continue Reading
-
News
22 Mar 2022
Lapsus$ hacking group hit authentication vendor Okta
Authentication vendor Okta is the latest tech giant to be named as a victim of the prolific Lapsus$ crew, through key details about the attack remain in dispute. Continue Reading
-
Definition
21 Mar 2022
mutual authentication
Mutual authentication, also called two-way authentication, is a process or technology in which both entities in a communications link authenticate each other. Continue Reading
-
News
08 Mar 2022
Researchers uncover vulnerabilities in APC Smart-UPS devices
Researchers with Armis found a trio of vulnerabilities in uninterruptible power supply (UPS) devices from APC that could be remotely exploited by threat actors. Continue Reading
-
Feature
04 Mar 2022
Use digital identity proofing to verify account creation
Validating users during account creation with identity proofing helps prevent data breaches but isn't without challenges. Discover how it works and concerns to address. Continue Reading
-
Feature
03 Mar 2022
How to stop malicious or accidental privileged insider attacks
How many permissions or privileges a user has will affect how big of an insider threat they are. Discover the issues surrounding privileged users and how to curtail these threats. Continue Reading
-
Tutorial
01 Mar 2022
Learn to adjust the AdminCount attribute in protected accounts
It's critical to know how to change the settings for protected accounts and groups in Active Directory to avoid serious problems. PowerShell can make quick edits to keep order. Continue Reading
-
Definition
25 Feb 2022
Shared Key Authentication (SKA)
Shared Key Authentication (SKA) is a process by which a computer can gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol. Continue Reading
-
Definition
25 Feb 2022
passphrase
A passphrase is a sentencelike string of words used for authentication that is longer than a traditional password, easy to remember and difficult to crack. Continue Reading
-
Tip
23 Feb 2022
How to use PKI to secure remote network access
Public key infrastructure is a more secure option than password-based or multifactor authentication. Learn how those benefits can extend to remote employees and access. Continue Reading
-
Tutorial
17 Feb 2022
Build your knowledge of Azure AD conditional access policies
The rapid pace of change in the modern workplace requires new methods to control who has access to what. This Azure Active Directory feature can help IT meet those security goals. Continue Reading
-
Definition
11 Feb 2022
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is an encryption protocol based on the U.S. federal government's Advanced Encryption Standard (AES) algorithm and uses the Counter Mode with CBC-MAC (CCM) mode of operation. Continue Reading
-
News
09 Feb 2022
Google: 2-step verification led to 50% fewer account hacks
Google auto-enrolled more than 150 million users into two-step verification last October and mandated two-step verification for 2 million-plus YouTube accounts. Continue Reading
-
Guest Post
09 Feb 2022
How automated certificate management helps retain IT talent
Organizations shouldn't waste their IT pros' time on unnecessary tasks -- especially during a skills shortage. Learn about the benefits of automated digital certificate management. Continue Reading
-
News
03 Feb 2022
Distrust, feuds building among ransomware groups
In an industry that operates in anonymity, trust is everything -- but recent accusations of ransomware actors working with or being law enforcement is threatening that work model. Continue Reading
-
Definition
03 Feb 2022
Active Directory tree
An Active Directory (AD) tree is a collection of domains within a Microsoft Active Directory network. Continue Reading
-
Definition
03 Feb 2022
access control list (ACL)
An access control list (ACL) is a list of rules that specifies which users or systems are granted or denied access to a particular object or system resource. Continue Reading
-
Feature
31 Jan 2022
Include defensive security in your cybersecurity strategy
Is your company's cybersecurity strategy comprehensive enough to protect against an expanding threat landscape? Learn how developing defensive security strategies can help. Continue Reading
-
Definition
27 Jan 2022
one-time pad
In cryptography, a one-time pad is a system in which a randomly generated private key is used only once to encrypt a message that is then decrypted by the receiver using a matching one-time pad and key. Continue Reading
-
Tip
26 Jan 2022
Integrating zero-trust practices into private 5G networks
One of the first steps in deploying a technology is protecting it from potential security threats. Learn how to secure a private 5G network with zero-trust security practices. Continue Reading
-
Tip
21 Jan 2022
How to start implementing passwordless authentication today
Everyone is tired of passwords, but a truly passwordless world isn't quite there yet. Learn what options companies currently have to implement passwordless authentication. Continue Reading
-
Definition
29 Dec 2021
smart card
A smart card is a physical card that has an embedded integrated chip that acts as a security token. Continue Reading
-
Definition
28 Dec 2021
Encrypting File System (EFS)
Encrypting File System (EFS) provides an added layer of protection by encrypting files or folders on various versions of the Microsoft Windows OS. Continue Reading
-
Definition
28 Dec 2021
registration authority (RA)
A registration authority (RA) is an authority in a network that verifies user requests for a digital certificate and tells the certificate authority (CA) to issue it. Continue Reading
-
Definition
23 Dec 2021
SPML (Services Provisioning Markup Language)
Services Provisioning Markup Language (SPML) is an open source XML-based standard that facilitates the exchange of account provisioning information among applications, services and organizations. Continue Reading
-
Tutorial
20 Dec 2021
How to perform Azure AD bulk operations with PowerShell
Microsoft offers multiple ways to manage users and groups in Azure Active Directory. PowerShell is one option, but it requires knowing which module to use to handle coverage gaps. Continue Reading
-
Tip
14 Dec 2021
4 API authentication methods to better protect data in transit
The API attack surface isn't always well protected. Learn about the authentication methods your company can use to secure its APIs. Continue Reading
-
Definition
10 Dec 2021
virtual local area network hopping (VLAN hopping)
Virtual local area network hopping (VLAN hopping) is a method of attacking the network resources of a VLAN by sending packets to a port not usually accessible from an end system. Continue Reading
-
Feature
08 Dec 2021
Is a passwordless future getting closer to reality?
Industry analysts offer predictions on the future of passwordless authentication and whether we'll ever truly get rid of one of security's weakest links. Continue Reading
-
Definition
07 Dec 2021
biometric payment
Biometric payment is a point-of-sale (POS) technology that uses biometric authentication physical characteristics to identify the user and authorize the deduction of funds from a bank account. Continue Reading
-
Tip
06 Dec 2021
Why you should plan to upgrade to Azure AD Connect v2 soon
Administrators who rely on an Azure AD Connect v1 version for hybrid identity with Office 365 should prepare for the impending retirement of several technologies in the utility. Continue Reading
-
Feature
06 Dec 2021
Passwordless authentication issues to address before adoption
The technology for passwordless authentication exists, but challenges remain. Companies must grapple with differing use cases, legacy software, adoption costs and more. Continue Reading
-
Guest Post
30 Nov 2021
Enterprise password security guidelines in a nutshell
In this concise guide to passwords, experts at Cyber Tec outline the security problems that put enterprises at risk and offer answers on how to solve them. Continue Reading
-
News
15 Nov 2021
Microsoft releases out-of-band update for Windows Server
Less than a week after November's Patch Tuesday, Microsoft released an unscheduled security update for Windows Server to address an authentication vulnerability. Continue Reading
-
Definition
09 Nov 2021
Security Assertion Markup Language (SAML)
Security Assertion Markup Language (SAML) is an open standard for sharing security information about identity, authentication and authorization across different systems. Continue Reading
-
News
05 Nov 2021
MVSP: Will Google's security baseline work?
In response to data breaches involving third-party vendors, Google worked alongside vendors to developed what it refers to as a 'vendor-neutral security baseline.' Continue Reading
-
Definition
04 Nov 2021
RSA algorithm (Rivest-Shamir-Adleman)
The RSA algorithm (Rivest-Shamir-Adleman) is the basis of a cryptosystem -- a suite of cryptographic algorithms that are used for specific security services or purposes -- which enables public key encryption and is widely used to secure sensitive data, particularly when it is being sent over an insecure network, such as the internet. Continue Reading
-
Tip
01 Nov 2021
Adopt 5 best practices for hybrid workplace model security
As hybrid workforce models become the norm due to the pandemic, enterprises should look to best practices to ensure secure unified access for on-premises and WFH employees. Continue Reading
-
Definition
27 Oct 2021
Digital Signature Standard (DSS)
The Digital Signature Standard (DSS) is a digital signature algorithm (DSA) developed by the U.S. National Security Agency (NSA) as a means of authentication for electronic documents. Continue Reading
-
Definition
30 Sep 2021
RADIUS (Remote Authentication Dial-In User Service)
RADIUS (Remote Authentication Dial-In User Service) is a client-server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service. Continue Reading
-
Definition
29 Sep 2021
CHAP (Challenge-Handshake Authentication Protocol)
CHAP (Challenge-Handshake Authentication Protocol) is a challenge and response authentication method that Point-to-Point Protocol (PPP) servers use to verify the identity of a remote user. Continue Reading
-
Definition
23 Sep 2021
digital certificate
A digital certificate, also known as a public key certificate, is used to cryptographically link ownership of a public key with the entity that owns it. Continue Reading
-
Definition
21 Sep 2021
key fob
A key fob is a small, programmable device that provides access to a physical object. Continue Reading
-
Definition
16 Sep 2021
shadow password file
A shadow password file, also known as /etc/shadow, is a system file in Linux that stores encrypted user passwords and is accessible only to the root user, preventing unauthorized users or malicious actors from breaking into the system. Continue Reading
-
Definition
15 Sep 2021
Kerberos
Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet. Continue Reading
-
Definition
01 Sep 2021
certificate authority (CA)
A certificate authority (CA) is a trusted entity that issues Secure Sockets Layer (SSL) certificates. Continue Reading
-
Tip
01 Sep 2021
Blockchain for identity management: Implications to consider
Blockchain has changed the way IAM authenticates digital identities. Consider these 14 implications when asking how and where IAM can benefit your organization. Continue Reading
-
Definition
31 Aug 2021
federated identity management (FIM)
Federated identity management (FIM) is an arrangement between multiple enterprises or domains that enables their users to use the same identification data (digital identity) to access all their networks. Continue Reading
-
Definition
20 Aug 2021
certificate revocation list (CRL)
A certificate revocation list (CRL) is a list of digital certificates that have been revoked by the issuing Certificate Authority (CA) before their actual or assigned expiration date. Continue Reading
-
Definition
20 Aug 2021
nonrepudiation
Nonrepudiation ensures that no party can deny that it sent or received a message via encryption and/or digital signatures or approved some information. Continue Reading
-
Guest Post
05 Aug 2021
3 steps to create a low-friction authentication experience
Passwords are no longer sufficient, but more secure authentication methods frustrate users. Explore how to create a low-friction authentication process for improved UX and trust. Continue Reading
-
Tip
03 Aug 2021
10 ways blockchain can improve IAM
DLT has the potential to revolutionize the identity management space. From boosting privacy to improving visibility, here are 10 use cases of blockchain in IAM. Continue Reading
-
Tip
03 Aug 2021
Federate and secure identities with enterprise BYOI
Consumers have been using the federated identity concept 'bring your own identity' through social sign-on for years. It is time for the enterprise to embrace the trend. Continue Reading
-
Feature
30 Jul 2021
Keycloak tutorial: How to secure different application types
IT pros and developers can secure applications with the open source IAM tool Keycloak. When you don't need to worry about passwords, it reduces the potential attack surface. Continue Reading
-
Feature
30 Jul 2021
Secure applications with Keycloak authentication tool
As we look toward the future of authentication, open source tools, such as Keycloak, provide companies a way to secure applications to its specific needs. Continue Reading
-
Tip
27 Jul 2021
Use a decentralized identity framework to reduce enterprise risk
To reduce the risk of identity theft for customers, partners and employees, companies should look at integrating a decentralized identity framework into existing infrastructure. Continue Reading
-
Definition
27 Jul 2021
biometric verification
Biometric verification is any means by which a person can be uniquely identified by evaluating one or more distinguishing biological traits. Continue Reading
-
Definition
27 Jul 2021
password
A password is a string of characters used to verify the identity of a user during the authentication process. Continue Reading
-
Definition
26 Jul 2021
biometrics
Biometrics is the measurement and statistical analysis of people's unique physical and behavioral characteristics. Continue Reading
-
Definition
23 Jul 2021
privileged access management (PAM)
Privileged access management (PAM) is the combination of tools and technology used to secure, control and monitor access to an organization's critical information and resources. Continue Reading
-
Tip
12 Jul 2021
How to implement machine identity management for security
In IAM, companies must consider whether machines, applications and devices have the appropriate identities and access authorizations when communicating behind the scenes. Continue Reading
-
Feature
12 Jul 2021
5 IAM trends shaping the future of security
The importance of identity and access management cannot be denied. However, the same old tools can't properly secure today's complex environments. These IAM trends are here to help. Continue Reading
-
Quiz
01 Jul 2021
Test yourself with this e-learning authentication quizlet
Integrity and authentication are two evergreen security topics. Try this quick quiz from Technic Publication's PebbleU, and see where to focus your continuing education. Continue Reading
-
Feature
08 Jun 2021
How cloud adoption is shaping digital identity trends in 2021
Expert Carla Roncato explains what organizations need to know about emerging digital identity and security trends for the cloud, including CASB, CIEM and zero trust. Continue Reading
-
Tip
07 Jun 2021
Corral superuser access via SDP, privileged access management
Keeping control of superusers is an ongoing challenge. Employing SDP and privileged access management can make the job easier. But can SDP replace PAM? Continue Reading
-
Quiz
25 May 2021
Try this cloud identity and access management quiz
Remote work and increased cloud adoption have dramatically changed identity and access management. Take this cloud IAM quiz for infosec pros to see if your knowledge is up to date. Continue Reading
-
News
14 May 2021
'Scheme flooding' bug threatens to sink user privacy
Researchers have uncovered a blind spot in web security that opens the door for tracking across multiple browsers and thwarts common privacy protections like incognito and VPN. Continue Reading
-
Tip
15 Apr 2021
Get to know cloud-based identity governance capabilities
As enterprise cloud adoption increases, the market for cloud identity governance is expected to expand. Learn more about the use cases, benefits and available product options. Continue Reading
-
News
05 Apr 2021
Remote work increases demand for zero-trust security
One year after lockdowns and office closures prompted a massive, hurried move to remote work, many enterprises are reexamining their security posture. Continue Reading