Identity and access management

Identity is often considered the perimeter in infosec, especially as traditional enterprise perimeters dissolve. Identity and access management is critical to maintain data security. From passwords to multifactor authentication, SSO to biometrics, get the latest advice on IAM here.

Top Stories

Video 17 Jul 2025
An explanation of identity and access management

Identity and access management systems safeguard businesses by controlling digital identities, managing access rights and implementing security protocols. Continue Reading
By
- Tommy Everson, Assistant Editor
- Sharon Shea, Executive Editor
Feature 08 Jul 2025
How to implement zero trust: 7 expert steps

Zero trust means a lot more than determining how users access resources. Successful implementation takes time, commitment and ongoing support. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
- Alissa Irei, Senior Site Editor

Feature 08 Jul 2025
How to implement zero trust: 7 expert steps

Zero trust means a lot more than determining how users access resources. Successful implementation takes time, commitment and ongoing support. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
- Alissa Irei, Senior Site Editor
Definition 02 Jul 2025
What is a message authentication code (MAC)? How it works and best practices

A message authentication code (MAC) is a cryptographic checksum applied to a message to guarantee its integrity and authenticity. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Robert Sheldon
Definition 02 Jul 2025
What is the principle of least privilege (POLP)?

The principle of least privilege (POLP) is a concept in computer security that limits users' access rights to only what is strictly required to do their jobs. Continue Reading
By
- Kinza Yasar, Technical Writer
- Alexander S. Gillis, Technical Writer and Editor
Definition 27 Jun 2025
What is phishing? Understanding enterprise phishing threats

Phishing is a fraudulent practice in which an attacker masquerades as a reputable entity or person to trick users into revealing sensitive information. Continue Reading
By
- Kinza Yasar, Technical Writer
- Alexander S. Gillis, Technical Writer and Editor
Tip 27 Jun 2025
Cybersecurity skills gap: Why it exists and how to address it

The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Opinion 26 Jun 2025
Top identity security themes at Identiverse 2025

Identiverse 2025 found security pros tackling nonhuman identity risks, preparing for agentic AI challenges and shifting from homegrown to commercial CIAM tools. Continue Reading
By
- Todd Thiemann, Principal Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Guest Post 25 Jun 2025
Authorization sprawl: Attacking modern access models

Attackers exploit authorization sprawl by using legitimate credentials and SSO tokens to move between systems, bypassing security controls and deploying ransomware undetected. Continue Reading
By
- Joshua Wright, SANS Institute
Tip 25 Jun 2025
10 remote work cybersecurity risks and how to prevent them

Larger attack surfaces, limited oversight of data use, AI-driven attacks and vulnerable enterprise technologies are among the security risks faced in remote work environments. Continue Reading
By
- Mary K. Pratt
Definition 25 Jun 2025
What is single sign-on (SSO)?

Single sign-on (SSO) is a session and user authentication service that lets users access multiple applications or systems with a single set of login credentials. Continue Reading
By
- Kinza Yasar, Technical Writer
- Taina Teravainen
Tip 24 Jun 2025
Cybersecurity governance: A guide for businesses to follow

Cybersecurity governance is now critical, with NIST CSF 2.0 recently adding it as a dedicated function. Learn why governance is core to an effective cyber strategy. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Tip 24 Jun 2025
Multifactor authentication: 5 examples and strategic use cases

Before implementing MFA, conduct a careful study to determine which security factors offer the strongest protection. Passwords and PINs aren't cutting it any longer. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Feature 20 Jun 2025
What executives must know about nation-state threat actors

Nation-state threat actors like Russia, China, Iran and North Korea are targeting critical infrastructure and sensitive data, so executives must prepare to defend against them. Continue Reading
By
- Madeleine Streets, Senior content manager
Tip 17 Jun 2025
How to set up Windows Hello for Business, step by step

Licensing for Windows Hello for Business is a simple process, but the setup involves making several decisions, including how to host the service, authentication types and more. Continue Reading
By
- Peter van der Woude, InSpark
Feature 16 Jun 2025
3 leading multifactor authentication tool providers

Compare top MFA providers Cisco, Okta and Ping Identity. Learn product features and pricing tiers, and get advice on selecting a product for your organization's security needs. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Tutorial 16 Jun 2025
Hydra password-cracking tool: How to download and use it for good

Ethical hackers, need help brute forcing passwords? Learn how to download and use the open source Hydra password-cracking tool with this step-by-step tutorial and companion video. Continue Reading
By
- Ed Moyle, SecurityCurve
Definition 16 Jun 2025
What is HMAC (Hash-Based Message Authentication Code)?

Hash-based message authentication code (HMAC) is a message encryption method that uses a cryptographic key with a hash function. Continue Reading
By
- Scott Robinson, New Era Technology
- Rahul Awati
Tip 10 Jun 2025
Enumeration attacks: What they are and how to prevent them

User and network enumeration attacks help adversaries plan strong attack campaigns. Prevent them with MFA, rate limiting, CAPTCHA, secure code and more. Continue Reading
By
- Ravi Das, ML Tech Inc.
Tip 10 Jun 2025
How to calculate Windows Hello for Business cost

Just how much does Windows Hello for Business cost? It's not exactly a simple answer, but the good news is that there are lots of ways to attain a license. Continue Reading
By
- Gary Olsen
Definition 10 Jun 2025
What is Cisco ISE?

Cisco Identity Services Engine (ISE) is a security policy management platform that provides secure network access to end users and devices. Continue Reading
By
- Rahul Awati
- Alexander S. Gillis, Technical Writer and Editor
Tip 09 Jun 2025
Fix Active Directory account lockouts with PowerShell

Entering the wrong credentials so many times can block users from logging in. This tutorial explains how to find and correct these issues and other lockout events. Continue Reading
By
- Brien Posey
Feature 06 Jun 2025
Why identity is the new perimeter – and how to defend it

Identity has replaced network boundaries as today's security perimeter. Organizations must focus on protecting digital identities to safeguard their assets. Continue Reading
By
- Sean Michael Kerner
Tip 06 Jun 2025
How to navigate the Windows Hello for Business requirements

While Windows Hello is easy to set up on the user level, Windows Hello for Business needs a bit more back-end legwork to meet the infrastructure and licensing requirements. Continue Reading
By
- Gary Olsen
Definition 06 Jun 2025
What is cyber extortion?

Cyber extortion is a crime involving an attack or threat of an attack, coupled with a demand for money or some other response, in return for stopping an attack or preventing one from happening. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Kinza Yasar, Technical Writer
Tip 03 Jun 2025
Account lockout policy: Setup and best practices explained

Organizations must carefully balance security and UX when implementing account lockout policies. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Definition 02 Jun 2025
What is a time-based one-time password?

A time-based one-time password (TOTP) is a temporary passcode generated by an algorithm that uses the current time of day as one of its authentication factors. Continue Reading
By
- Colin Steele
Tip 28 May 2025
Comparing Windows Hello vs. Windows Hello for Business

Windows Hello allows desktop admins to manage local Windows authentication with new tools, but the difference between the free and business versions is critical for IT to know. Continue Reading
By
- Robert Sheldon
Definition 21 May 2025
What is a passkey?

A passkey is an alternative user authentication method that eliminates the need for usernames and passwords. Continue Reading
By
- Mary E. Shacklett, Transworld Data
- Amanda Stevens
Definition 19 May 2025
What is Universal 2nd Factor (U2F)?

Universal 2nd Factor (U2F) is a physical device that can act as a form of authentication for an account. Continue Reading
By
- Gavin Wright
Opinion 09 May 2025
RSAC 2025 Conference: Identity security highlights

RSAC 2025 Conference was abuzz with talk about agentic AI and tool convergence. Analyst Todd Thiemann shares how these trends affect identity security. Continue Reading
By
- Todd Thiemann, Principal Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 06 May 2025

Ongoing passkey usability challenges require 'problem-solving'

While passkeys offer enhanced security against phishing and credential theft, implementation hurdles, cross-platform inconsistencies and user experience challenges pose significant barriers to widespread adoption. Continue Reading
Definition 06 May 2025
What is segregation of duties (SoD)?

Segregation of duties (SoD) is an internal control mechanism designed to prevent errors and fraud by ensuring at least two individuals are responsible for the separate parts of any task. Continue Reading
By
- Katie Terrell Hanna
- Rahul Awati
News 05 May 2025

RSAC 2025: AI to advance identity, passwordless progress, Dashlane says

Dashlane CEO John Bennett tells Dark Reading’s Terry Sweeney that the advent of shadow AI use means that some AI agents and models operate without any credentials, increasing the organization’s risk. Continue Reading
Definition 05 May 2025
What is a registration authority (RA)?

A registration authority (RA) is an entity that is authorized to verify user requests for a digital certificate and also to tell a certificate authority (CA) to issue that certificate to the user. Continue Reading
By
- Rahul Awati
- Andrew Froehlich, West Gate Networks
Feature 30 Apr 2025
RSAC Conference 2025 video reports

We chatted on camera with attendees and presenters at RSAC 2025. Check out this video collection to get highlights from one of the world's major cybersecurity conferences. Continue Reading
By
- Brenda L. Horrigan, Executive Managing Editor
Tutorial 14 Apr 2025
How to create custom sudo configuration files in /etc/sudoers

Sudo offers administrators a lot of flexibility. Creating custom sudo configurations can go a long way toward easing management and service upgrade challenges. Continue Reading
By
- Damon Garn, Cogspinner Coaction
Definition 11 Apr 2025
What is Active Directory (AD)?

Active Directory (AD) is Microsoft's proprietary directory service that enables network admins to manage users, permissions and their access to networking resources. Continue Reading
By
- Rahul Awati
- Wesley Chai
- Alexander S. Gillis, Technical Writer and Editor
Opinion 09 Apr 2025
Data security and identity security themes at RSAC 2025

Check out what Enterprise Strategy Group analyst Todd Thiemann has on his agenda for RSA Conference 2025. Continue Reading
By
- Todd Thiemann, Principal Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 08 Apr 2025
AI agents raise stakes in identity and access management

IT vendors roll out fresh tools to take on identity and access management for AI agents as enterprises deploy them internally and battle malicious ones externally. Continue Reading
By
- Beth Pariseau, Senior News Writer
Tip 01 Apr 2025
IAM compliance: Know the system controls at your disposal

IAM is critical to an organization's data security posture, and its role in regulatory compliance is just as crucial. Continue Reading
By
- Sharon Shea, Executive Editor
Tip 28 Mar 2025
How to create a strong passphrase, with examples

Passphrases have emerged as an effective way to protect networks from brute-force attacks. But users still need to know how to create a passphrase that's effective. Continue Reading
By
- Matthew Smith, Seemless Transition LLC
Tip 26 Mar 2025
Benefits and challenges of zero standing privileges

Zero standing privileges combines the zero-trust model with the principle of least privilege to strengthen privileged access management and reduce enterprise attack surfaces. Continue Reading
By
- Dave Shackleford, Voodoo Security
Tip 21 Mar 2025
How to disable the Windows Hello feature with Intune

While Windows Hello for Business can be a helpful feature, sometimes IT will need to disable it. Learn two approaches to disabling this authentication service and when to do each. Continue Reading
By
- Peter van der Woude, InSpark
Definition 13 Mar 2025
What is a pass-the-hash attack?

A pass-the-hash attack is an exploit in which an attacker steals a hashed user credential and -- without cracking it -- reuses it to trick an authentication system into creating a new authenticated session on the same network. Continue Reading
By
- Nick Barney, Technology Writer
- Madelyn Bacon, TechTarget
Definition 10 Mar 2025
What is Kerberos and how does it work?

Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet. Continue Reading
By
- Rahul Awati
- Peter Loshin, Former Senior Technology Editor
- Michael Cobb
Answer 10 Mar 2025
What are the most common digital authentication methods?

How an organization authenticates users and devices is a hugely important piece in the cybersecurity puzzle. Get to know the various forms of digital authentication. Continue Reading
By
- Andrew Froehlich, West Gate Networks
Definition 07 Mar 2025
What is a certificate authority (CA)?

A certificate authority (CA) is a trusted entity that issues digital certificates to authenticate content sent from web servers. Continue Reading
By
- Rahul Awati
- Peter Loshin, Former Senior Technology Editor
Definition 28 Feb 2025
What is multifactor authentication?

Multifactor authentication (MFA) is an IT security technology that requires multiple sources of unique information from independent categories of credentials to verify a user's identity for a login or other transaction. Continue Reading
By
- Stephen J. Bigelow, Senior Technology Editor
- Kinza Yasar, Technical Writer
- Mary E. Shacklett, Transworld Data
Definition 27 Feb 2025
What is federated identity management (FIM)? How does it work?

Federated identity management (FIM) is an arrangement between multiple enterprises or domains that enables their users to use the same identification data (digital identity) to access all their networks. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Rahul Awati
- Linda Rosencrance
Definition 25 Feb 2025
What is Active Directory Domain (AD Domain)?

An Active Directory domain (AD domain) is a collection of objects within a Microsoft Active Directory network. An object can be a single user or a group, or it can be a hardware component, such as a computer or printer. Each domain holds a database containing object identity information. Continue Reading
By
- Rahul Awati
- Stephen J. Bigelow, Senior Technology Editor
- Ben Rubenstein, Senior Manager, Social Media and Online Community
Feature 21 Feb 2025
How to build an effective IAM architecture

Identity and access management is changing and so must strategies for managing it. Read up on IAM architecture approaches and how to select the best for your organization. Continue Reading
By
- Ed Moyle, SecurityCurve
Definition 19 Feb 2025
What is email spoofing?

Email spoofing is a form of cyber attack in which a hacker sends an email that has been manipulated to seem as if it originated from a trusted source. Continue Reading
By
- Scott Robinson, New Era Technology
- Peter Loshin, Former Senior Technology Editor
Definition 19 Feb 2025
What is challenge-response authentication?

In computer security, challenge-response authentication is a set of protocols used to protect digital assets and services from unauthorized users, programs and activities. Continue Reading
By
- Cameron Hashemi-Pour, Former Site Editor
- Linda Rosencrance
Tip 11 Feb 2025
Benefits and challenges of passkeys in the enterprise

Passkeys overcome some of the critical security vulnerabilities plaguing passwords. But enterprises face some new challenges when deploying the authentication technology. Continue Reading
By
- Jerald Murphy, Nemertes Research
Definition 11 Feb 2025
What is the RSA algorithm?

The RSA algorithm (Rivest-Shamir-Adleman) is a public key cryptosystem that uses a pair of keys for securing digital communication and transactions over insecure networks, such as the internet. Continue Reading
By
- Kinza Yasar, Technical Writer
- Michael Cobb
Definition 11 Feb 2025
What is privileged access management (PAM)?

Privileged access management (PAM) is a security framework designed to protect organizations against cyberthreats by controlling and monitoring access to critical information and resources. Continue Reading
By
- Kinza Yasar, Technical Writer
- Sarah Lewis
Answer 07 Feb 2025
7 key identity and access management benefits

Identity and access management benefits users, security and IT admins, and it also improves an organization's security posture. Read up on seven key advantages of IAM. Continue Reading
By
- Sharon Shea, Executive Editor
- Andrew Froehlich, West Gate Networks
Tip 04 Feb 2025
Cloud PAM benefits, challenges and adoption best practices

Cloud PAM helps organizations manage access to privileged accounts to keep cloud data and applications secured. Is it right for your organization? Continue Reading
By
- Dave Shackleford, Voodoo Security
Definition 31 Jan 2025
What is a certificate revocation list (CRL) and how is it used?

A certificate revocation list (CRL) is a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their actual or assigned expiration date. Continue Reading
By
- Rahul Awati
- Michael Cobb
Definition 31 Jan 2025
What is biometric verification?

Biometric verification is any means by which a person can be uniquely identified by evaluating one or more distinguishing biological traits. Continue Reading
By
- Michael Cobb
- Alexander S. Gillis, Technical Writer and Editor
- Rahul Awati
Definition 31 Jan 2025
What is biometrics?

Biometrics is the measurement and statistical analysis of people's unique physical and behavioral characteristics. Continue Reading
By
- Cameron Hashemi-Pour, Former Site Editor
- Alexander S. Gillis, Technical Writer and Editor
- Peter Loshin, Former Senior Technology Editor
Definition 30 Jan 2025
What is a password?

A password is a string of characters used to verify the identity of a user during the authentication process. Continue Reading
By
- Rahul Awati
- Madelyn Bacon, TechTarget
Tip 27 Jan 2025
How to change the password of an RDP session

Password expiration policies are key to maintaining data security, so users need easy access to a password change utility whether they are on a local PC or a remote desktop. Continue Reading
By
- Chris Twiest, RawWorks
Definition 24 Jan 2025
What is SAML (Security Assertion Markup Language)?

Security Assertion Markup Language (SAML) is an open standard for sharing security information about identity, authentication and authorization across different systems. Continue Reading
By
- Kinza Yasar, Technical Writer
- Peter Loshin, Former Senior Technology Editor
Definition 23 Jan 2025
What is SSL (Secure Sockets Layer)?

SSL (Secure Sockets Layer) is a networking protocol that secures connections between web clients and web servers over internal networks or the internet by encrypting the data sent between those clients and servers. Continue Reading
By
- Rahul Awati
- Michael Cobb
- Peter Loshin, Former Senior Technology Editor
News 21 Jan 2025
Threat actors abusing Microsoft Teams in ransomware attacks

Sophos researchers observed two separate threat campaigns in which attackers used Microsoft Teams to pose as IT support personnel and gain access to victims' systems. Continue Reading
By
- Arielle Waldman, News Writer
Guest Post 17 Jan 2025
Adopt passkeys over passwords to improve UX, drive revenue

Password use leads to higher UX friction and lost sales because customers want a smoother sign-in experience. Passkeys can simplify authentication and improve UX. Continue Reading
By
- Andrew Shikiar, Dhiraj Kumar
News 16 Jan 2025
Threat actor publishes data of 15K hacked FortiGate firewalls

Although the threat actor published the alleged stolen Fortinet FortiGate firewall data this week, the data is apparently tied to older zero-day exploitation from 2022. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 15 Jan 2025
FBI removes Chinese PlugX malware from 4,258 U.S. computers

The FBI did not inform individuals that it deleted PlugX malware from users' computers beforehand, citing the possibility of Chinese state-sponsored hackers making adjustments. Continue Reading
By
- Alexander Culafi, Senior News Writer
Opinion 03 Jan 2025
The basics drive 2025 identity security investments

New identity security tech might steal headlines, but Informa TechTarget's Enterprise Strategy Group analyst Todd Thiemann shows the basics get the most attention from businesses. Continue Reading
By
- Todd Thiemann, Principal Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 02 Jan 2025
Dozens of Chrome extensions hacked in threat campaign

Although data security vendor Cyberhaven disclosed that its Chrome extension was compromised on Dec. 24, additional research suggests the broader campaign could be months older. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 23 Dec 2024
What is a public key and how does it work?

In cryptography, a public key is a large numerical value that is used to encrypt data. Continue Reading
By
- Rahul Awati
Feature 20 Dec 2024
Identity and access management tools and features for 2025

The IAM tool marketplace is complex and ever-changing. Learn about key features and how to discern what your organization needs before approaching potential providers. Continue Reading
By
- Ed Moyle, SecurityCurve
News 19 Dec 2024
BeyondTrust SaaS instances breached in cyberattack

BeyondTrust, a privileged access management vendor, patched two vulnerabilities this week after attackers compromised SaaS instances for a 'limited number' of customers. Continue Reading
By
- Arielle Waldman, News Writer
Feature 19 Dec 2024
10 cybersecurity predictions for 2025

AI will still be a hot topic in 2025, but don't miss out on other trends, including initial access broker growth, the rise of vCISOs, tech rationalization and more. Continue Reading
By
- Kyle Johnson, Technology Editor
Answer 19 Dec 2024
How bad is generative AI data leakage and how can you stop it?

Mismanaged training data, weak models, prompt injection attacks can all lead to data leakage in GenAI, with serious costs for companies. The good news? Risks can be mitigated. Continue Reading
By
- Chris Tozzi
Definition 19 Dec 2024
What is a public key certificate?

A public key certificate is a digitally signed document that serves to validate the sender's authorization and name. Continue Reading
By
- Rahul Awati
News 18 Dec 2024
CISA issues mobile security guidance following China hacks

Following the Salt Typhoon attacks, CISA offers advice to 'highly targeted' individuals, such as using end-to-end encryption and moving away from purely SMS-based MFA. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 17 Dec 2024
Are password managers safe for enterprise use?

Password managers have benefits, but they are also subject to attacks that can put organizations at substantial risk. So, are they safe? Continue Reading
By
- Matthew Smith, Seemless Transition LLC
Tip 17 Dec 2024
The pros and cons of biometric authentication

Biometric authentication can be a solid supplement to passwords when securing data and systems. But understanding potential drawbacks, and planning to minimize them, is essential. Continue Reading
By
- Char Sample, ICF International
Definition 17 Dec 2024
What is passwordless authentication?

Passwordless authentication allows a user to sign into a service without using a password. This is often done using certificates, security tokens, one-time passwords (OTPs) or biometrics. Continue Reading
By
- Kinza Yasar, Technical Writer
- Gavin Wright
- Alexander S. Gillis, Technical Writer and Editor
Definition 17 Dec 2024
What is PKI (public key infrastructure)?

PKI (public key infrastructure) is the underlying framework that enables the secure exchange of information over the internet using digital certificates and public key encryption. Continue Reading
By
- Rahul Awati
Guest Post 13 Dec 2024
Migrate to passwordless to enhance security and UX

Transitioning to passwordless authentication enables organizations to strengthen user account and sensitive data security without adding UX friction for end users. Continue Reading
By
- Ant Allan
Tip 12 Dec 2024
9 identity and access management trends to watch in 2025

Identity threats continue to change and so, too, do the defenses developed to address those security challenges. Be ready for what's coming next in IAM. Continue Reading
By
- Phil Sweeney, Industry Editor
Tip 12 Dec 2024
7 must-know IAM standards in 2025

Does your IAM program need OAuth or OpenID Connect? Or maybe both? Let's look at the various standards and protocols that make identity management function. Continue Reading
By
- Sean Michael Kerner
Opinion 12 Dec 2024
Nonhuman identity security is getting board-level attention

Has your organization addressed nonhuman identity security? NHI attacks are becoming more prevalent and need to be a part of enterprise security strategies. Continue Reading
By
- Todd Thiemann, Principal Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Definition 11 Dec 2024
What is identity and access management? Guide to IAM

No longer just a good idea, IAM is a crucial piece of the cybersecurity puzzle. It's how an organization regulates access to information and meets its compliance obligations. Continue Reading
By
- Phil Sweeney, Industry Editor
- Sandra Gittlen
News 10 Dec 2024
Citrix NetScaler devices targeted in brute force campaign

Citrix advised NetScaler customers to ensure that their devices are fully updated and properly configured to defend against the recent spike in brute force attacks. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 09 Dec 2024
What is user authentication?

User authentication refers to the process of verifying the identity of a user attempting to gain access to a computer network, system or device. This process runs in the background and can be done through different means, such as asking the user to enter a password, provide a PIN or provide a fingerprint. Continue Reading
By
- Rahul Awati
Feature 06 Dec 2024
Passkey vs. password: What is the difference?

Companies are turning to passkeys as a secure login for consumers. Passkeys make it more difficult for thieves to steal information, and they are also more convenient for users. Continue Reading
By
- Amanda Hetler, Senior Editor
News 04 Dec 2024
FBI: Criminals using AI to commit fraud 'on a larger scale'

As AI technology becomes more widely adopted, attackers are abusing it for their scams, which the FBI says are becoming increasingly more difficult to detect. Continue Reading
By
- Arielle Waldman, News Writer
News 04 Dec 2024
FOSS security concerns increase amid widespread adoption

A new report from the Linux Foundation, OpenSSF and Harvard University calls for transparency and standardization to address growing security risks in open source software. Continue Reading
By
- Arielle Waldman, News Writer
Tip 02 Dec 2024
8 best practices for a bulletproof IAM strategy

IAM systems help to enable secure access to applications and resources. But to benefit from IAM -- and avoid a security failure -- teams must be ready to meet the challenges. Continue Reading
By
- Sean Michael Kerner
Tip 20 Nov 2024
4 types of access control

Access management is the gatekeeper, making sure a device or person can gain entry only to the systems or applications to which they have been granted permission. Continue Reading
By
- Amy Larsen DeCarlo, GlobalData
Tip 20 Nov 2024
User provisioning and deprovisioning: Why it matters for IAM

Overprivileged and orphaned user identities pose risks. Cybersecurity teams should be sure user profiles grant only appropriate access -- and only for as long as necessary. Continue Reading
By
- Dave Shackleford, Voodoo Security
Tip 19 Nov 2024
What skills are needed for a successful career in IAM?

In the zero-trust era, identity management is critical to an organization's cybersecurity posture. What skills are required to transition into a career in IAM? Continue Reading
By
- Amy Larsen DeCarlo, GlobalData
Tip 19 Nov 2024
Biometric privacy and security challenges to know

Fingerprints and facial scans can make identity access more convenient than passwords, but biometric tools present significant ethical and legal challenges. Continue Reading
By
- Mary K. Pratt
News 18 Nov 2024
Chinese APT exploited unpatched Fortinet zero-day flaw

Volexity reported that a Chinese APT actor exploited a zero-day vulnerability in Fortinet's Windows VPN FortiClient software that enables credentials to be stolen from a system. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 18 Nov 2024
What is acceptable use policy (AUP)?

An acceptable use policy (AUP) is a document stipulating constraints and practices that a user must agree to for access to or use of a corporate network, the internet or other computing resources. Continue Reading
By
- Paul Kirvan
News 15 Nov 2024
MFA required for AWS Organizations member accounts in 2025

AWS is one of several cloud providers that will implement MFA requirements over the next year, with other relevant names including Google Cloud and Microsoft Azure. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 14 Nov 2024
What is identity governance and administration (IGA)?

Identity governance and administration (IGA) is the collection of processes and practices used to manage user digital identities and their access throughout the enterprise. Continue Reading
By
- Stephen J. Bigelow, Senior Technology Editor