Identity and access management
Identity is often considered the perimeter in infosec, especially as traditional enterprise perimeters dissolve. Identity and access management is critical to maintain data security. From passwords to multifactor authentication, SSO to biometrics, get the latest advice on IAM here.
Top Stories
-
Feature
20 Dec 2024
Identity and access management tools and features for 2025
The IAM tool marketplace is complex and ever-changing. Learn about key features and how to discern what your organization needs before approaching potential providers. Continue Reading
By- Ed Moyle, Drake Software
-
News
19 Dec 2024
BeyondTrust SaaS instances breached in cyberattack
BeyondTrust, a privileged access management vendor, patched two vulnerabilities this week after attackers compromised SaaS instances for a 'limited number' of customers. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
28 Jan 2019
The evolution of the Let's Encrypt certificate authority
Certificate authorities work differently since the open source Let's Encrypt project went into effect. Expert Fernando Gont explains how both CAs and Let's Encrypt operate. Continue Reading
By- Fernando Gont, SI6 Networks
-
Feature
23 Jan 2019
Three examples of multifactor authentication use cases
When evaluating the business case for multifactor authentication, an organization must first identify how these three operational scenarios apply to a potential implementation. Continue Reading
By -
Feature
23 Jan 2019
Purchasing multifactor authentication tools: What to consider
Find out what you need to know before investing in a multifactor authentication tool, including the drawbacks and the benefits. Continue Reading
By -
Feature
18 Jan 2019
Exploring multifactor authentication benefits and technology
Take a look at multifactor authentication benefits and methods, as well as how the technologies have evolved from key fobs to smartphones, mobile devices and the cloud. Continue Reading
By -
Tip
15 Jan 2019
Updating TLS? Use cryptographic entropy for more secure keys
Cryptographic entropy is necessary to secure session encryption keys in TLS 1.2, but RSA key transport is not supported in TLS 1.3. Discover the causes for concern with Judith Myerson. Continue Reading
-
Tip
11 Jan 2019
Key customer identity access management features to consider
Evaluating customer identity access management products is complicated but necessary. Learn what’s new and what you need most right now. Continue Reading
By- Ed Moyle, Drake Software
-
Tip
11 Jan 2019
CIAM vs. IAM: The key differences 'customer' makes
Find out everything you need to know about the nuances that differentiate customer IAM from traditional IAM so that you can implement the CIAM system at your organization. Continue Reading
By- Ed Moyle, Drake Software
-
Tip
17 Dec 2018
For effective customer IAM, bundle security and performance
CIAM can verify identity, manage access and deliver a smooth experience for customers. Get an expert's insights on how to tackle customer IAM now. Continue Reading
By- Johna Till Johnson, Nemertes Research
-
News
14 Dec 2018
Mozilla distrusts all Symantec certificates with Firefox 64 release
News roundup: Mozilla finally removes trust for Symantec certificates with Firefox 64. Plus, Supermicro's investigation challenges Bloomberg Businessweek's report, and more. Continue Reading
By- Rob Wright, Senior News Director
-
Feature
03 Dec 2018
IAM system strategy identifies metrics that work for business
Security professionals are using identity and access management systems to track metrics on password resets, onboarding and offboarding, and employee retention and customer service. Continue Reading
By- Steve Zurier, ZFeatures
- 03 Dec 2018
-
Podcast
30 Nov 2018
Risk & Repeat: DeepMasterPrints spells trouble for biometrics
This week's Risk & Repeat podcast looks at the future of biometric authentication after researchers unveiled a new approach that uses neural networks to bypass fingerprint scanners. Continue Reading
By- Rob Wright, Senior News Director
-
News
21 Nov 2018
DeepMasterPrints fake fingerprints can fool fingerprint sensors
Researchers have developed AI-generated synthetic fingerprints -- known as DeepMasterPrints -- that can spoof biometric scanners and potentially be used to launch practical attacks. Continue Reading
By- Michael Heller, TechTarget
-
Podcast
20 Nov 2018
Risk & Repeat: Who's to blame for bad passwords?
This week's Risk & Repeat podcast discusses whether users are responsible for creating and reusing weak passwords or if the technology systems themselves are to blame. Continue Reading
By- Rob Wright, Senior News Director
-
Answer
05 Nov 2018
How can U2F authentication end phishing attacks?
By requiring employees to use U2F authentication and physical security keys, Google eliminated phishing attacks. Learn how the combination works from expert Michael Cobb. Continue Reading
By -
Tip
30 Oct 2018
Enterprises should reconsider SMS-based 2FA use after breach
A Reddit breach was triggered by threat actors intercepting SMS messages used to authenticate employees to access sensitive data. Learn why enterprises should reconsider SMS for 2FA. Continue Reading
By -
Tip
17 Oct 2018
How to monitor AWS credentials with the new Trailblazer tool
A security researcher introduced a tool called Trailblazer, which aims to simplify monitoring AWS credentials. Expert Dave Shackleford explains how it can bolster cloud security. Continue Reading
By- Dave Shackleford, Voodoo Security
-
Answer
11 Oct 2018
How did Netflix phishing attacks use legitimate TLS certificates?
Hackers can imitate the design and domain name of popular sites like Netflix to steal credentials. Expert Michael Cobb explains how these Netflix phishing attacks work. Continue Reading
By -
Podcast
08 Oct 2018
Risk & Repeat: Inside the Facebook 2FA fail
This week's Risk & Repeat podcast discusses the latest controversy for Facebook, which has been using two-factor authentication numbers for advertising purposes. Continue Reading
By- Rob Wright, Senior News Director
-
News
03 Oct 2018
DigiCert, Gemalto and ISARA to provide quantum-proof certificates
Quantum computing threats are on the horizon, but DigiCert, Gemalto and ISARA have teamed up to develop new quantum-proof digital certificates and remake the PKI industry. Continue Reading
-
News
27 Sep 2018
Microsoft wants to eliminate passwords -- and there's an app for that
At its Ignite 2018 conference, Microsoft declared an end to the password era and extended support for its Microsoft Authenticator app to Azure AD-connected apps. Continue Reading
By- Rob Wright, Senior News Director
-
Answer
21 Sep 2018
PulseNet: How do improper authentication flaws affect it?
GE reported an improper authentication flaw in its PulseNet network management software for critical infrastructures. Discover how this flaw works with Judith Myerson. Continue Reading
-
Tip
11 Sep 2018
What about enterprise identity management for 'non-users'?
Identity and access management for service, machine and application accounts is as important as it is for individuals, so be sure your IAM strategy considers so-called non-users. Continue Reading
By- Ed Moyle, Drake Software
-
Answer
07 Sep 2018
How does a WDC vulnerability put hardcoded passwords at risk?
Several vulnerabilities were found in Western Digital's My Cloud, including one that affects the default hardcoded password. Learn how to avoid such risks with expert Nick Lewis. Continue Reading
By -
Tip
05 Sep 2018
How Azure AD uses cloud access control to protect credentials
Features such as Microsoft Azure AD Smart Lockout and Password Protection add security via trusted authentication. Learn more about cloud access control from expert Ed Moyle. Continue Reading
By- Ed Moyle, Drake Software
-
Feature
24 Aug 2018
Weighing privileged identity management tools' pros and cons
Products that help security pros manage access privileges are essential to IT security. Learn how to evaluate market offerings and acquire the best for your company. Continue Reading
By -
Answer
21 Aug 2018
LG network: How can attackers use preauthenticated commands?
A vulnerability was found in the LG network involving remote preauthenticated commands. Learn how researchers created a malicious password to show how it issue can be abused. Continue Reading
-
Feature
16 Aug 2018
OneLogin security chief delivers new security model
How did cloud identity and access management vendor OneLogin rebuild its security after a breach? We ask OneLogin security chief Justin Calmus. Continue Reading
-
Opinion
15 Aug 2018
With Pwned Passwords API, annoying password policies can finally go away
Update password policies at your company by following the 2017 NIST regulations—improving user experience drastically, and the Pwned Passwords API can help. Continue Reading
By- Kyle Johnson, Technology Editor
-
Feature
13 Aug 2018
10 unified access management questions for OneLogin CSO Justin Calmus
Enterprise security veteran Justin Calmus, who describes himself as an avid hacker, joined OneLogin as the CSO earlier this year. After last year's breach, who would want this job? Continue Reading
-
Guide
09 Aug 2018
Advances in access governance strategy and technology
Recent advances in IAM policy, strategy and technology are raising companies' ability authenticate identities and manage access to their systems and data. Continue Reading
-
News
03 Aug 2018
Reddit breach sparks debate over SMS 2FA
Using two-factor authentication with one-time passwords sent via SMS has come under question again after a Reddit breach was blamed on the faulty 2FA method. Continue Reading
By- Michael Heller, TechTarget
-
News
24 Jul 2018
Physical security keys eliminate phishing at Google
Successful phishing attempts have been eliminated among Google employees following a requirement to use physical security keys in order to gain access to all Google accounts. Continue Reading
By- Michael Heller, TechTarget
-
News
20 Jul 2018
Cloud misconfigurations can be caused by too many admins
Cloud misconfigurations have reached a point where sensitive data can't be protected with manual control, says BetterCloud's David Politis. And part of the issue is too many admins. Continue Reading
By- Michael Heller, TechTarget
-
News
20 Jul 2018
Microsoft launches Identity Bounty Program, offers up to $100,000
Microsoft introduced its new Identity Bounty Program that offers up to $100,000 in rewards for reported vulnerabilities in its identity services, such as Azure Active Directory. Continue Reading
By- Rob Wright, Senior News Director
-
News
20 Jul 2018
As AI identity management takes shape, are enterprises ready?
Experts at the Identiverse 2018 conference discussed how artificial intelligence and machine learning are poised to reshape the identity and access management market. Continue Reading
By- Rob Wright, Senior News Director
-
Feature
19 Jul 2018
Security in Network Functions Virtualization
In this excerpt of chapter 4 of Security in Network Functions Virtualization, authors Zonghua Zhang and Ahmed Meddahi discuss Identity and Access Management in NFV. Continue Reading
By- SearchSecurity and Syngress
-
Tip
11 Jul 2018
The threat of shadow admins in the cloud to enterprises
Having shadow admins in the cloud means unauthorized users can access everything a legitimate administrator can. Expert Ed Moyle explains how this works and how to stop it. Continue Reading
By- Ed Moyle, Drake Software
-
Podcast
06 Jul 2018
Risk & Repeat: Is AI-driven identity management the future?
In this week's Risk & Repeat podcast, SearchSecurity editors discuss Identiverse 2018 and how artificial intelligence is being applied to identity and access management. Continue Reading
By- Rob Wright, Senior News Director
-
Tip
03 Jul 2018
Why a zero-trust network with authentication is essential
Zero-trust networks are often deemed compromised and untrusted, making authentication variables essential to security. Expert Matthew Pascucci explains a zero-trust security model. Continue Reading
-
Opinion
02 Jul 2018
Yubikey is hot in the security space, so we tested the consumer experience
How easy is it to use Yubikey and would I recommend it? Continue Reading
By- Kyle Johnson, Technology Editor
-
News
29 Jun 2018
GlobalSign, Comodo launch competing IoT security platforms
Rival certificate authorities GlobalSign and Comodo CA have strengthened their presence in the IoT security market with new platforms for connected devices. Continue Reading
By- Rob Wright, Senior News Director
-
News
26 Jun 2018
Ping adds AI-driven API protection with Elastic Beam acquisition
Ping Identity increased its focus on API security with the acquisition of Elastic Beam, a startup that uses artificial intelligence to apply behavioral security on enterprise APIs. Continue Reading
By- Rob Wright, Senior News Director
-
Answer
07 Jun 2018
How does a SAML vulnerability affect single sign-on systems?
Researchers at Duo Security discovered a SAML vulnerability that enabled attackers to dupe single sign-on systems. Expert Michael Cobb explains how the exploit works. Continue Reading
By -
Tip
01 May 2018
How the BloodHound tool can improve Active Directory security
Auditing Active Directory can be made easier with tools like the open source BloodHound tool. Expert Joe Granneman looks at the different functions of the tool and how it can help. Continue Reading
By- Joseph Granneman, Illumination.io
-
News
27 Apr 2018
Sexy, but stupid: Biometrics security requires balancing risks
When it comes to biometrics, security coexists with stupidity, unless implementers take the time to understand the limits, according to Adam Englander at RSAC 2018. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
News
24 Apr 2018
Akamai touts network perimeter security shifts, zero-trust model
As network perimeter security grows less practical, Akamai talks at RSA Conference about moving beyond firewalls to improve authentication with a zero-trust model. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
News
16 Apr 2018
SSH announces new key and certificate management service
A new key and certificate management service is now offered by SSH, which teamed up with AppViewX to provide a way to administer cryptographic keys and digital certificates. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
Answer
12 Apr 2018
Will biometric authentication systems replace passwords?
Biometric authentication systems have gained traction on mobile devices, but when will they become dominant within the enterprise? Expert Bianca Lopes weighs in on the topic. Continue Reading
By- Rob Wright, Senior News Director
-
Tip
11 Apr 2018
How TLS mutual authentication for cloud APIs bolsters security
Secure access to cloud APIs is necessary but challenging. One viable option to combat that is TLS mutual authentication, according to expert Ed Moyle. Continue Reading
By- Ed Moyle, Drake Software
-
News
10 Apr 2018
WebAuthn API gets standards nod from W3C, FIDO Alliance
W3C and the FIDO Alliance have given websites a new tool for doing FIDO-compliant authentication, as the WebAuthn authentication protocol is promoted to W3C Candidate Recommendation. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
Podcast
07 Mar 2018
Risk & Repeat: Trustico certificate drama a cause for concern
In this week's Risk & Repeat podcast, SearchSecurity editors discuss how a controversial move by reseller Trustico led to 23,000 Symantec SSL certificates being revoked. Continue Reading
By- Rob Wright, Senior News Director
-
News
02 Mar 2018
23,000 Symantec certificates revoked following leak of private keys
DigiCert revoked 23,000 Symantec SSL certificates amid a public spat between the company and former reseller partner Trustico, which claimed the certificates were 'compromised.' Continue Reading
By- Rob Wright, Senior News Director
-
Answer
28 Feb 2018
Single sign-on best practices: How can enterprises get SSO right?
Proper planning is at the top of the list for single sign-on best practices, but it's important to get enterprise SSO implementations off to a good start. Here's how to do it. Continue Reading
-
News
27 Feb 2018
New SAML vulnerability enables abuse of single sign-on
Duo Security discovered a new SAML flaw affecting several single sign-on vendors that allows attackers to fool SSO systems and log in as other users without their passwords. Continue Reading
By- Rob Wright, Senior News Director
-
Blog Post
23 Feb 2018
Facebook's 2FA bug lands social media giant in hot water
Facebook came under fire after a two-factor authentication bug sent non-security notifications to users' phones, sparking a debate about media coverage and 2FA adoption. Continue Reading
By- Rob Wright, Senior News Director
-
Blog Post
08 Feb 2018
Symantec's untrusted certificates: How many are still in use?
A security researcher found that a significant number of popular websites are still using untrusted certificates from Symantec, which will be invalidated this year. Continue Reading
By- Rob Wright, Senior News Director
-
Tip
01 Feb 2018
Bypassing facial recognition: The means, motive and opportunity
Researchers bypassed Apple's facial recognition authentication program, Face ID, in under a week. Expert Michael Cobb explains why it's not a major cause for concern for users. Continue Reading
By -
News
30 Jan 2018
New Comodo CA leadership talks competition, IoT devices
Comodo CA's new chairman Bill Conner and CEO Bill Holtz talk with SearchSecurity about competition in the certificate market and how the internet of things will fuel growth. Continue Reading
By- Rob Wright, Senior News Director
-
News
25 Jan 2018
Comodo calls out Symantec certificate issues, applauds Google
Bill Conner and Bill Holtz, who recently joined Comodo CA as chairman and CEO, respectively, discuss Symantec's certificate issues and their effect on the certificate market. Continue Reading
By- Rob Wright, Senior News Director
-
Podcast
17 Jan 2018
Risk & Repeat: Let's Encrypt certificates offer pros, cons
In this week's Risk & Repeat podcast, SearchSecurity editors discuss Let's Encrypt certificates and weigh the positives and negatives the free certificate authority provides. Continue Reading
By- Rob Wright, Senior News Director
-
Answer
16 Jan 2018
Advanced Protection Program: How has Google improved security?
Google added a layer to its account security system with Advanced Protection Program. Matt Pascucci explains how individuals can better defend themselves from malicious actors. Continue Reading
-
Answer
26 Dec 2017
What is emotional data and what are the related privacy risks?
SearchSecurity talks with UC Berkeley professor Steven Weber about the concept of emotional data, where it comes from and how it can potentially be used -- and abused. Continue Reading
By- Rob Wright, Senior News Director
-
Answer
20 Dec 2017
QakBot malware: How did it trigger Microsoft AD lockouts?
QakBot malware triggered hundreds of thousands of Microsoft Active Directory account lockouts. Discover the malware's target and how these attacks are being carried out. Continue Reading
By -
Answer
19 Dec 2017
OneLogin data breach: What does the attack mean for SSOs?
A OneLogin data breach affected all of the company's U.S. customers after threat actors abused an Amazon Web Services API. Discover what this means for customers and SSO companies. Continue Reading
By -
Tip
14 Dec 2017
Cryptographic keys: Your password's replacement is here
As passwords become targets of phishing attacks, password management has become increasingly difficult. Expert Nick Lewis explains how cryptographic keys could replace passwords. Continue Reading
By -
Answer
08 Dec 2017
LDAP injection: How was it exploited in a Joomla attack?
After eight years, Joomla discovered an LDAP vulnerability that could be exploited by threat actors. Learn how the attack works from expert Matt Pascucci. Continue Reading
-
Tip
07 Dec 2017
How machine learning-powered password guessing impacts security
A new password guessing technique takes advantage of machine learning technologies. Expert Michael Cobb discusses how much of a threat this is to enterprise security. Continue Reading
By -
Tip
30 Nov 2017
Use caution with OAuth 2.0 protocol for enterprise logins
Many apps are using the OAuth 2.0 protocol for both authentication and authorization, but technically it's only a specification for delegated authorization, not for authentication. Continue Reading
By -
Feature
28 Nov 2017
Security Controls Evaluation, Testing, and Assessment Handbook
In this excerpt from chapter 11 of Security Controls Evaluation, Testing, and Assessment Handbook, author Leighton Johnson discusses access control. Continue Reading
By- Syngress & SearchSecurity
-
News
17 Nov 2017
Researchers bypass iPhone X security feature Face ID
News roundup: In under a week after its release, researchers were able to bypass the main iPhone X security feature, Face ID. Plus, Microsoft patched a 17-year-old flaw, and more. Continue Reading
By- Madelyn Bacon, TechTarget
-
Podcast
08 Nov 2017
Risk & Repeat: Sale of Symantec Website Security completed
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the sale of Symantec Website Security to DigiCert and what it means for Symantec's troubled certificate business. Continue Reading
By- Rob Wright, Senior News Director
-
Tip
08 Nov 2017
Learn how to identify and prevent access control attacks
Once an attacker has gained entry to a network, the consequences can be severe. Find out how the right access control tools can help prevent that from happening. Continue Reading
By -
Answer
07 Nov 2017
How should security teams handle the Onliner spambot leak?
A security researcher recently discovered a list of 711 million records used by the Onliner spambot. Expert Matt Pascucci explains what actions exposed individuals should take. Continue Reading
-
Answer
26 Oct 2017
Google Docs phishing attack: How does it work?
A Google Docs phishing attack used OAuth tokens to affect more than a million Gmail users. Nick Lewis explains how it happened, and how to defend against such an attack. Continue Reading
By -
Answer
24 Oct 2017
Samsung S8 iris scanner: How was it bypassed?
Hackers bypassed the Samsung S8 iris scanner, which could spell trouble for biometric authentication. Expert Nick Lewis explains how it happened and how to stay protected. Continue Reading
By -
News
20 Oct 2017
Advanced Protection Program locks down Google accounts
Google's Advanced Protection Program greatly increases the security of user accounts, but the usability tradeoffs may not be worth it for average users. Continue Reading
By- Michael Heller, TechTarget
-
Answer
20 Oct 2017
What knowledge factors qualify for true two-factor authentication?
Can two-factor authentication be applied to a mobile device that's used as a 2FA factor? Michael Cobb explores the different knowledge factors and uses for mobile devices. Continue Reading
By -
Answer
19 Oct 2017
Running a private certificate authority: What are the risks?
Running a private certificate authority can pose significant risks and challenges to meet baseline requirements. Michael Cobb explores what enterprises should know. Continue Reading
By -
Answer
04 Oct 2017
WoSign certificates: What happens when Google Chrome removes trust?
Google Chrome has started removing trust in certificates issued by WoSign. Matthew Pascucci explains this decision and what it means for companies using WoSign certificates. Continue Reading
-
Blog Post
15 Sep 2017
Fearmongering around Apple Face ID security announcement
As fears grow over government surveillance, the phrase "facial recognition" often triggers a bit of panic in the public, and some commentators are exploiting that fear to overstate any risks ... Continue Reading
By- Michael Heller, TechTarget
-
News
13 Sep 2017
Apple claims iPhone X Face ID has better security than Touch ID
Apple announced the new iPhone X Face ID system, which replaces Touch ID in favor of facial recognition and may offer 20 times fewer false positives than fingerprint scanning. Continue Reading
By- Michael Heller, TechTarget
-
Answer
15 Aug 2017
What is the best way to secure telematics information?
SMS authentication is often used to secure telematics information, but it may not be strong enough. Expert Judith Myerson discusses why, and how to improve the protection of this data. Continue Reading
-
Tip
09 Aug 2017
Are biometric authentication methods and systems the answer?
Biometric authentication methods, like voice, fingerprint and facial recognition systems, may be the best replacement for passwords in user identity and access management. Continue Reading
By -
Answer
09 Aug 2017
What tools can bypass Google's CAPTCHA challenges?
The ReBreakCaptcha exploit can bypass Google's reCAPTCHA verification system using flaws in Google's own API. Expert Michael Cobb explains how the attack works. Continue Reading
By -
Blog Post
08 Aug 2017
The Symantec-Google feud can't be swept under the rug
The Symantec-Google feud regarding the antivirus vendor's web certificate practices appears to be over. But that doesn't mean it should be minimized or ignored. Continue Reading
By- Rob Wright, Senior News Director
-
Tip
27 Jul 2017
SHA-1 collision: How the attack completely breaks the hash function
Google and CWI researchers have successfully developed a SHA-1 attack where two pieces of data create the same hash value -- or collide. Expert Michael Cobb explains how this attack works. Continue Reading
By -
News
20 Jul 2017
Industry reacts to Symantec certificate authority trust remediation
As the Symantec certificate authority scrambles to transition its certificate-issuance operations to a subordinate certificate authority, the CA industry sharpens its knives. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
News
13 Jul 2017
Symantec certificate authority business reportedly for sale
As Google and Mozilla prepare plans to reduce trust for Symantec's certificate authority, the antivirus vendor is reported to be seeking a buyer for its web certificate business. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
Podcast
12 Jul 2017
Risk & Repeat: Should IAM systems be run by machine learning?
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the identity and access management industry and how machine learning algorithms could govern IAM systems. Continue Reading
By- Rob Wright, Senior News Director
-
Feature
12 Jul 2017
Q&A: Ping CEO on contextual authentication, intelligent identity
Ping Identity CEO Andre Durand talks with SearchSecurity about the data-driven move toward contextual authentication and intelligent identity and what this means for enterprises. Continue Reading
By- Rob Wright, Senior News Director
-
News
10 Jul 2017
WoSign CA certificates get end-of-trust date in Chrome
Google to distrust all WoSign CA certificates in Chrome starting in September, as the troubled certificate authority passed a key audit and is seeking a new CEO to help return trust. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
Answer
06 Jul 2017
How does the Microsoft Authenticator application affect password use?
The Microsoft Authenticator application enables smartphone-based, two-factor authentication and attempts to reduce the use of passwords. Expert Matthew Pascucci explains how. Continue Reading
-
Podcast
23 Jun 2017
Risk & Repeat: Symantec, Mozilla spar over certificate issuance
In this week's Risk & Repeat podcast, SearchSecurity editors discuss Mozilla's suggested deadline for Symantec to turn over its certificate issuance operations. Continue Reading
By- Rob Wright, Senior News Director
-
News
23 Jun 2017
Privileged user management trips up NSA
News roundup: DOD inspector general found NSA failed to implement secure privileged user management post-Snowden. Plus, Honda hit by WannaCry, Trump met with tech CEOs and more. Continue Reading
By- Madelyn Bacon, TechTarget
-
News
22 Jun 2017
Machine learning in cybersecurity is coming to IAM systems
Machine learning in cybersecurity applications for identity management systems are becoming more common today. But will algorithms be the best option for authenticating and authorizing users? Continue Reading
By- Rob Wright, Senior News Director
-
Tip
22 Jun 2017
How the use of invalid certificates undermines cybersecurity
Symantec and other trusted CAs were found using bad certificates, which can create huge risk for internet users. Expert Michael Cobb explains how these incidents can be prevented. Continue Reading
By -
News
21 Jun 2017
Ping embeds multifactor authentication security in mobile apps
At the 2017 Cloud Identity Summit, Ping Identity launched a new software development kit that will embed multifactor authentication security features in mobile apps. Continue Reading
By- Rob Wright, Senior News Director
-
Answer
07 Jun 2017
How does Facebook's Delegated Recovery enable account verification?
Facebook's Delegated Recovery aims to replace knowledge-based authentication with third-party account verification. Expert Michael Cobb explains how this protocol works. Continue Reading
By -
Blog Post
06 Jun 2017
Symantec certificate authority aims for more delays on browser trust
Is the Symantec certificate authority operation too big to fail? That seems to be the message the security giant is sending in its latest response to a proposal from the browser community to turn ... Continue Reading
By- Peter Loshin, Former Senior Technology Editor