Identity and access management

Identity is often considered the perimeter in infosec, especially as traditional enterprise perimeters dissolve. Identity and access management is critical to maintain data security. From passwords to multifactor authentication, SSO to biometrics, get the latest advice on IAM here.

Top Stories

Opinion 09 May 2025
RSAC 2025 Conference: Identity security highlights

RSAC 2025 Conference was abuzz with talk about agentic AI and tool convergence. Analyst Todd Thiemann shares how these trends affect identity security. Continue Reading
By
- Todd Thiemann, Principal Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Feature 30 Apr 2025
RSAC Conference 2025 video reports

We chatted on camera with attendees and presenters at RSAC 2025. Check out this video collection to get highlights from one of the world's major cybersecurity conferences. Continue Reading
By
- Brenda L. Horrigan, Executive Managing Editor

Feature 07 Aug 2024
The dangers of voice deepfakes in the November election

The growth of generative AI has led to more audio cloning technology. This could affect the U.S. election. Recent incidents show that existing safeguards are not effective. Continue Reading
By
- Esther Shittu, News Writer
News 30 Jul 2024
Microsoft: Ransomware gangs exploiting VMware ESXi flaw

VMware ESXi has proven to be a popular target for ransomware threat actors and a challenge for enterprises to patch. Continue Reading
By
- Arielle Waldman, News Writer
Definition 29 Jul 2024
What is SSH (Secure Shell) and How Does It Work?

SSH (Secure Shell or Secure Socket Shell) is a network protocol that gives users -- particularly systems administrators -- a secure way to access a computer over an unsecured network. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Peter Loshin, Former Senior Technology Editor
- Michael Cobb
News 15 Jul 2024
Experts weigh in on Snowflake database MFA features

In response to a wave of recent attacks on customers, Snowflake introduces new authentication offerings that enable administrators to require MFA for all user accounts. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 12 Jul 2024
AT&T breach affects 'nearly all' customers' call, text records

Fallout from the attacks on Snowflake customers continues as AT&T is the latest victim organization to disclose a data breach stemming from a compromised cloud instance. Continue Reading
By
- Arielle Waldman, News Writer
Tip 09 Jul 2024
Use these 6 user authentication types to secure networks

One layer of security that all networks and applications need is authentication. Read up on six authentication types, from 2FA to biometrics to certificates. Continue Reading
By
- Kyle Johnson, Technology Editor
News 28 Jun 2024
TeamViewer breached by Russian state actor Midnight Blizzard

TeamViewer says a Russian state-sponsored threat actor known as Midnight Blizzard gained accessed to the company's corporate network via compromised employee credentials. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 25 Jun 2024
digital signature

A digital signature is a mathematical technique used to validate the authenticity and integrity of a digital document, message or software. Continue Reading
By
- Cameron Hashemi-Pour, Former Site Editor
- Alexander S. Gillis, Technical Writer and Editor
- Ben Lutkevich, Site Editor
News 24 Jun 2024
Corvus: Cyber insurance premiums see 'stabilization'

Corvus Insurance's Peter Hedberg provided insight into the cyber insurance landscape after a tumultuous 2023 and what enterprises can expect moving forward. Continue Reading
By
- Arielle Waldman, News Writer
Definition 21 Jun 2024
OpenID (OpenID Connect)

OpenID Connect is an open specification for authentication and single sign-on (SSO). Continue Reading
By
- Rahul Awati
News 20 Jun 2024
How Amazon's decision to ditch Active Directory paid off

Amazon's decision to build its own identity and access management system was an expensive one, but an infamous supply chain attack validated the move. Continue Reading
By
- Rob Wright, Senior News Director
Tip 17 Jun 2024
How deepfakes threaten biometric security controls

Biometric security controls are under attack by deepfakes -- convincing images, videos and audio created by generative AI. But all is not lost. Learn how to mitigate the risk. Continue Reading
By
- Jerald Murphy, Nemertes Research
Opinion 12 Jun 2024
Identiverse 2024: Key takeaways in identity security

The 2024 Identiverse conference addressed identity access management challenges, AI's ability to streamline IAM workflows and nonhuman identity management for identity pros. Continue Reading
By
- Todd Thiemann, Principal Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 10 Jun 2024
Mandiant: 'Exposed credentials' led to Snowflake attacks

According to new threat research, Mandiant is reporting that UNC5537 conducted attacks against Snowflake database customers at least as early as April 14. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 04 Jun 2024
Tenable warns of vulnerability in Azure service tags

Microsoft disagreed with Tenable's assessment, saying the security issue in Azure service tags is not a vulnerability and that additional authentication layers are required. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 03 Jun 2024
Hugging Face tokens exposed, attack scope unknown

After detecting unauthorized access on its Spaces platform, Hugging Face disclosed that customer secrets might have been exposed and began revoking access tokens. Continue Reading
By
- Arielle Waldman, News Writer
News 03 Jun 2024
Snowflake: No evidence of platform breach

Snowflake on Saturday issued a joint statement with third-party investigators Mandiant and CrowdStrike denying reports that its platform had been breached. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 31 May 2024
Threat actor compromising Snowflake database customers

A threat actor tracked as UNC5537 is using stolen credentials against Snowflake database customers to conduct data theft and extortion attacks, cloud security firm Mitiga said. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 28 May 2024
Check Point warns of threat actors targeting VPNs

Check Point said threat actors were targeting a small number of customers by attempting to compromise local VPN accounts that only utilized passwords for authentication. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 20 May 2024
CyberArk to acquire Venafi from Thoma Bravo for $1.5B

CyberArk said it intends to help enterprises with the growing number of machine identities, which the company said surpasses human identities by a ratio of 40 to 1. Continue Reading
By
- Arielle Waldman, News Writer
Definition 15 May 2024
out-of-band authentication

Out-of-band authentication is a type of two-factor authentication (2FA) that requires a secondary verification method through a separate communication channel along with the typical ID and password. Continue Reading
By
- Nick Barney, Technology Writer
Tip 14 May 2024
RSAC panel debates confidence in post-quantum cryptography

The Cryptographers' Panel at RSAC offered opinions on their confidence in PQC following the release of a paper questioning lattice-based encryption's viability. Continue Reading
By
- Kyle Johnson, Technology Editor
News 09 May 2024
Dell 'security incident' might affect millions

Dell notified customers that a company portal connected to customer data exposed orders, names and addresses, while reports indicate the data is now up for sale on the dark web. Continue Reading
By
- Tim McCarthy, News Writer
Tutorial 07 May 2024
How to configure sudo privilege and access control settings

Learn how to use the sudo command for access control configurations, from granting full administrative privileges to delegating roles. Continue Reading
By
- Damon Garn, Cogspinner Coaction
Definition 02 May 2024
What is role-based access control (RBAC)?

Role-based access control (RBAC) is a method of restricting network access based on the roles of individual users within an enterprise. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Linda Rosencrance
Definition 29 Apr 2024
digital identity

A digital identity is the body of information about an individual, organization or electronic device that exists online. Continue Reading
By
- Katie Terrell Hanna
Tip 24 Apr 2024
Traditional MFA isn't enough, phishing-resistant MFA is key

Not every MFA technique is effective in combating phishing attacks. Enterprises need to consider new approaches to protect end users from fraudulent emails. Continue Reading
By
- Amy Larsen DeCarlo, GlobalData
Feature 18 Apr 2024
3 Keycloak authorization strategies to secure app access

Keycloak, an open source IAM tool, offers authorization methods, including RBAC, GBAC and OAuth 2.0, that limit what users can access. Continue Reading
By
- Kyle Johnson, Technology Editor
- Packt Publishing
Definition 12 Apr 2024
OAuth (Open Authorization)

OAuth (Open Authorization) is an open standard authorization framework for token-based authorization on the internet. Continue Reading
By
Definition 11 Apr 2024
identity management (ID management)

Identity management (ID management) is the organizational process for ensuring individuals have the appropriate access to technology resources. Continue Reading
By
- TechTarget Contributor
Opinion 10 Apr 2024
Identity, data security expectations for RSA Conference 2024

Security practitioners can expect to hear about key issues at this year's RSA Conference, including identity and data security, AI and DSPM. Continue Reading
By
- Todd Thiemann, Principal Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Definition 10 Apr 2024
single sign-on (SSO)

Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials -- for example, a username and password -- to access multiple applications. Continue Reading
By
- Taina Teravainen
Podcast 05 Apr 2024
Risk & Repeat: Cyber Safety Review Board takes Microsoft to task

This podcast episode discusses the Cyber Safety Review Board's report on Microsoft and its conclusion that the software giant must overhaul its security culture. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 28 Mar 2024
retina scan

Retina scanning is a biometric authentication technology that uses an image of an individual's retinal blood vessel pattern as a unique identifying trait for access to secure installations. Continue Reading
By
- Andrew Zola
News 27 Mar 2024
Unpatched flaw in Anyscale's Ray AI framework under attack

Oligo Security researchers say thousands of Ray servers have been compromised through the flaw, but Anyscale said it has received no reports of exploitation. Continue Reading
By
- Arielle Waldman, News Writer
- Rob Wright, Senior News Director
Tutorial 27 Mar 2024
Use sudo insults to add spice to incorrect password attempts

The life of an admin doesn't have to be dry. When a user enters a wrong password, for example, why not respond with a message that says, 'You're fired!' With sudo insults, you can. Continue Reading
By
- Damon Garn, Cogspinner Coaction
News 26 Mar 2024
Top.gg supply chain attack highlights subtle risks

Threat actors used fake Python infrastructure and cookie stealing to poison multiple GitHub code repositories, putting another spotlight on supply chain risks. Continue Reading
By
- Alexander Culafi, Senior News Writer
- Beth Pariseau, Senior News Writer
Opinion 26 Mar 2024
Top 6 data security posture management use cases

Data security posture management is a top 10 security issue for 2024, according to research. Check out the top six use cases for DSPM and weigh in on other possibilities. Continue Reading
By
- Todd Thiemann, Principal Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 21 Mar 2024
AWS fixes 'FlowFixation' vulnerability for account hijacking

A Tenable researcher discovered a session fixation flaw in AWS Managed Workflows for Apache Airflow that, combined with a misconfiguration, could enable account hijacking. Continue Reading
By
- Alexander Culafi, Senior News Writer
Podcast 19 Mar 2024
Risk & Repeat: Microsoft's Midnight Blizzard mess

This podcast episode discusses the latest disclosure from Microsoft regarding Midnight Blizzard, which accessed internal systems, source code and some cryptographic secrets. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 13 Mar 2024
Researchers warn devs of vulnerabilities in ChatGPT plugins

OpenAI and two third-party providers fixed vulnerabilities in the experimental ChatGPT plugins framework, but Salt Security researchers caution devs that security risks persist. Continue Reading
By
- Beth Pariseau, Senior News Writer
Definition 13 Mar 2024
What is cryptography?

Cryptography is a method of protecting information and communications using codes, so that only those for whom the information is intended can read and process it. Continue Reading
By
- Kathleen Richards
News 12 Mar 2024
Sophos: Remote ransomware attacks on SMBs increasing

According to new research from Sophos, small businesses are seeing a rise in threats such as remotely executed ransomware attacks, malvertising, driver abuse and more. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 11 Mar 2024
identity provider

An identity provider (IdP) is a system component that provides an end user or internet-connected device with a single set of login credentials that ensures the entity is who or what it says it is across multiple platforms, applications and networks. Continue Reading
By
- Ben Lutkevich, Site Editor
News 08 Mar 2024
Midnight Blizzard accessed Microsoft systems, source code

Microsoft said Midnight Blizzard used data stolen from a breach of its corporate email system to access other parts of the company's network, including source code repositories. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 08 Mar 2024
How to create a local admin account with Microsoft Intune

Local admin accounts can cause problems for Windows administrators due to their lack of oversight and privileged account status. Learn how IT can manage these accounts with Intune. Continue Reading
By
- Brien Posey
News 07 Mar 2024
Former Google engineer charged with stealing AI trade secrets

Linwei Ding, a Chinese national, allegedly evaded Google's data loss prevention systems and stole confidential information to start his own China-based AI company. Continue Reading
By
- Arielle Waldman, News Writer
Definition 29 Feb 2024
phishing

Phishing is a fraudulent practice in which an attacker masquerades as a reputable entity or person in an email or other form of communication. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
News 26 Feb 2024
CISA: APT29 targeting cloud accounts for initial access

U.K. and U.S. government agencies have observed the Russian nation-state group increasingly target dormant and inactive cloud service accounts to gain initial access. Continue Reading
By
- Arielle Waldman, News Writer
News 13 Feb 2024
Proofpoint: 'Hundreds' of Azure accounts compromised

Proofpoint researchers found that the attackers manipulated the MFA of compromised accounts, registering their own methods to maintain persistent access. Continue Reading
By
- Rob Wright, Senior News Director
Definition 12 Feb 2024
password spraying

Password spraying is a cyberattack tactic that involves a hacker using a single password to try and break into multiple target accounts. Continue Reading
By
- Ben Lutkevich, Site Editor
Tip 09 Feb 2024
Understand the pros and cons of enterprise password managers

Almost half of breaches occur because of compromised credentials. Using a password manager to control how users create their IDs may be a good step to protect enterprise assets. Continue Reading
By
- Amy Larsen DeCarlo, GlobalData
News 06 Feb 2024
Linux group announces Post-Quantum Cryptography Alliance

The Post-Quantum Cryptography Alliance aims to 'drive the advancement and adoption of post-quantum cryptography' and respond to security threats introduced by the emerging tech. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 05 Feb 2024
AnyDesk hacked, details unclear

Of the hack, AnyDesk said it found 'no evidence that any end-user devices have been affected.' But researchers said they saw AnyDesk customer credentials for sale on the dark web. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 05 Feb 2024
6 multi-cloud identity management tips and best practices

The more cloud services organizations adopt, the more identity challenges they face. Follow these five tips to improve multi-cloud identity management. Continue Reading
By
- Dave Shackleford, Voodoo Security
News 02 Feb 2024
Cloudflare discloses breach related to stolen Okta data

Cloudflare initially believed it contained an attempted cyberattack last October by a threat actor using an access token stolen in a breach of Okta's customer support system. Continue Reading
By
- Rob Wright, Senior News Director
Tip 01 Feb 2024
Top 8 cloud IAM best practices to implement

Cloud adds a level of complexity to identity and access management. Be sure to follow these cloud IAM best practices to prevent identity-related security issues. Continue Reading
By
- Dave Shackleford, Voodoo Security
Tip 31 Jan 2024
7 cloud IAM challenges and how to address them

Cloud use affects how organizations manage access and identity governance. Learn about seven cloud IAM challenges and how to handle them. Continue Reading
By
- Dave Shackleford, Voodoo Security
Tip 29 Jan 2024
Cybersecurity skills gap: Why it exists and how to address it

The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Tutorial 25 Jan 2024
Using Microsoft AD Explorer for common admin tasks

The utility makes it easier to navigate the Active Directory database and features snapshot capabilities with a comparison function to detect where a change caused a problem. Continue Reading
By
- Damon Garn, Cogspinner Coaction
Tip 22 Jan 2024
How to use a Microsoft Entra ID emergency access account

A break-glass account in Microsoft's identity and access management platform helps avoid disruptions in a crisis. Follow these best practices to keep these credentials safe. Continue Reading
By
- Liam Cleary, SharePlicity
Feature 09 Jan 2024
Top incident response tools: How to choose and use them

The OODA loop helps organizations throughout the incident response process, giving insight into the incident response tools needed to detect and respond to security events. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
News 03 Jan 2024
SonicWall acquires Banyan to boost zero-trust, SSE offerings

With its second acquisition in two months, SonicWall aims to help enterprises with growing remote workforces through zero-trust network and security service edge offerings. Continue Reading
By
- Arielle Waldman, News Writer
Definition 02 Jan 2024
identity theft

Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable information (PII), such as Social Security or driver's license numbers, to impersonate someone else. Continue Reading
By
- Ben Lutkevich, Site Editor
Definition 28 Dec 2023
one-time password

A one-time password (OTP) is an automatically generated numeric or alphanumeric string of characters that authenticates a user for a single transaction or login one-time password session. Continue Reading
By
- Kathleen Richards
- Ivy Wigmore
Tip 27 Dec 2023
How to manage a migration to Microsoft Entra ID

Thinking of leaving Active Directory behind? A successful move to Microsoft's cloud-based identity and access management platform hinges on how well you've prepared in advance. Continue Reading
By
- Brien Posey
Tip 27 Dec 2023
What are the Microsoft Entra ID benefits for on-prem admins?

Active Directory's presence looms large for organizations that rely on Microsoft's venerable directory service for a multitude of tasks tied to identity and access. Continue Reading
By
- Brien Posey
Feature 14 Dec 2023
9 cybersecurity trends to watch in 2024

Analysts are sharing their cybersecurity trends and predictions for 2024. From zero-day attacks to generative AI security and increased regulations, is your organization ready? Continue Reading
By
- Kyle Johnson, Technology Editor
News 12 Dec 2023
IBM engineers hatch Linux Foundation HashiCorp Vault fork

IBM engineers working on Open Horizon within the Linux Foundation begin a Vault fork as challenges continue for HashiCorp, which also addressed Terraform Cloud pricing angst. Continue Reading
By
- Beth Pariseau, Senior News Writer
Definition 07 Dec 2023
adaptive multifactor authentication (adaptive MFA)

Adaptive multifactor authentication (MFA) is a security mechanism intended to authenticate and authorize users through a variety of contextual authentication factors. Continue Reading
By
- Stephen J. Bigelow, Senior Technology Editor
Opinion 06 Dec 2023
Amazon IAM announcements at re:Invent 2023

At AWS re:Invent 2023, Amazon announced several new features around machine and human identities designed to improve identity and access management. Continue Reading
By
- Jack Poller
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 05 Dec 2023
Exposed Hugging Face API tokens jeopardized GenAI models

Lasso Security discovered more than 1,600 exposed Hugging Face API tokens provided access to generative AI and large-language models contained in hundreds of repositories. Continue Reading
By
- Rob Wright, Senior News Director
Feature 01 Dec 2023
How to solve 2 MFA challenges: SIM swapping and MFA fatigue

While MFA improves account security, attacks still exploit it. Learn about two MFA challenges -- SIM swapping and MFA fatigue -- and how to mitigate them. Continue Reading
By
- Kyle Johnson, Technology Editor
- Packt Publishing
Feature 01 Dec 2023
5 MFA implementation tips for organizations

Organizations need to protect user accounts from malicious attackers. IAM expert Marco Fanti offers tips organizations can use when implementing MFA. Continue Reading
By
- Kyle Johnson, Technology Editor
Definition 28 Nov 2023
privileged identity management (PIM)

Privileged identity management (PIM) is the monitoring and protection of superuser accounts that hold expanded access to an organization's IT environments. Continue Reading
By
- Rahul Awati
Feature 27 Nov 2023
How passwordless authentication aids identity security

Enterprise Strategy Group's Jack Poller discusses survey results on user authentication practices and explains the security benefits of passwordless methods. Continue Reading
By
- Craig Stedman, Industry Editor
Definition 21 Nov 2023
possession factor

The possession factor, in a security context, is a category of user authentication credentials based on items that the user has with them, typically a hardware device such as a security token or a mobile phone used in conjunction with a software token. Continue Reading
By
- Rahul Awati
Tip 13 Nov 2023
What should admins know about Microsoft Entra features?

Microsoft Entra combines new and existing cloud-based products and packages them under a new name. Learn how this change affects identity access management in your organization. Continue Reading
By
- Brien Posey
Definition 09 Nov 2023
mandatory access control (MAC)

Mandatory access control (MAC) is a security strategy that restricts the ability individual resource owners have to grant or deny access to resource objects in a file system. Continue Reading
By
- Rahul Awati
News 08 Nov 2023
FBI: Ransomware actors hacking casinos via third parties

A new Private Industry Notification focuses on ransomware trends involving attacks against casinos as well as a callback phishing campaign perpetrated by the Luna Moth gang. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 03 Nov 2023
Okta breach led to hijacked sessions for 5 customers

Okta provided a detailed timeline of the events surrounding the breach against its customer support case management systems and said five customers had sessions hijacked. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 01 Nov 2023
authentication

Authentication is the process of determining whether someone or something is who or what they say they are. Continue Reading
By
- Nick Barney, Technology Writer
- Mary E. Shacklett, Transworld Data
- Linda Rosencrance
Opinion 31 Oct 2023
Collaborate with third parties to ensure enterprise security

Third-party risk is a major threat today, as evidenced in numerous recent breaches. Organizations must work with partners to ensure their data is protected properly. Continue Reading
By
- Jack Poller
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Podcast 26 Oct 2023
Risk & Repeat: Okta under fire after support system breach

This podcast episode covers a security breach suffered by identity vendor Okta involving its customer support systems, which has sparked criticism from customers. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 26 Oct 2023
How to create a company password policy, with template

Use these guidelines and our free template to ensure your company's password policy sets the ground rules for strong and effective password creation and use. Continue Reading
By
- Paul Kirvan
News 24 Oct 2023
1Password stops attack linked to Okta breach

1Password said a threat actor used a HAR file stolen in the recent Okta breach to access the password manager's Okta tenant, but the activity was detected and blocked. Continue Reading
By
- Arielle Waldman, News Writer
News 23 Oct 2023
Okta customer support system breached via stolen credentials

During the latest breach against the identity and access management vendor, attackers took advantage of the system intended to provide support for Okta customers. Continue Reading
By
- Arielle Waldman, News Writer
Definition 20 Oct 2023
soft token

A soft token is a software-based security token that generates a single-use login personal identification number (PIN). Continue Reading
By
- Paul Kirvan
Opinion 18 Oct 2023
SailPoint extends identity security platform with data security

With DAS, privilege access management, AI and other features, SailPoint moves Atlas from an identity governance platform to an identity security platform. Continue Reading
By
- Jack Poller
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 18 Oct 2023
Mandiant: Citrix zero-day actively exploited since August

Exploitation against CVE-2023-4966 is ongoing, and Mandiant CTO Charles Carmakal warned patching alone is insufficient against potential attacks that leverage MFA bypass techniques. Continue Reading
By
- Arielle Waldman, News Writer
Definition 18 Oct 2023
Google Authenticator

Google Authenticator is a mobile security application that provides a second type of confirmation for websites and online services that use two-factor authentication (2FA) to verify a user's identity before granting him or her access to secure resources. Continue Reading
By
- Robert Sheldon
Definition 17 Oct 2023
Secure Sockets Layer certificate (SSL certificate)

A Secure Sockets Layer certificate (SSL certificate) is a small data file installed on a web server that allows for a secure, encrypted connection between the server and a web browser. Continue Reading
By
- Rahul Awati
Definition 16 Oct 2023
central bank digital currency (CBDC)

A central bank digital currency (CBDC) is a digital version of a country's central bank money or fiat currency. Continue Reading
By
- Ben Lutkevich, Site Editor
News 16 Oct 2023
Google Authenticator synchronization raises MFA concerns

Infosec experts say a synchronization feature added to Google's Authenticator app could lead to unintended consequences for organizations' multifactor authentication codes. Continue Reading
By
- Arielle Waldman, News Writer
Answer 16 Oct 2023
Best practices to conduct a user access review

User entitlement reviews ensure only authorized users have access to essential systems and data. Uncover the steps of a user access review and helpful best practices. Continue Reading
By
- Sharon Shea, Executive Editor
Definition 12 Oct 2023
Microsoft Windows Credential Guard

Microsoft Credential Guard is a security feature in Microsoft Windows operating system (OS) that isolates user credentials, such as login information, from the rest of the operating system. Continue Reading
By
- Rahul Awati
Tip 11 Oct 2023
Top 6 password hygiene tips and best practices

Passwords enable users to access important accounts and data, making them attractive targets to attackers, too. Follow these password hygiene tips to keep your organization safe. Continue Reading
By
- Diana Kelley, SecurityCurve
Opinion 11 Oct 2023
Takeaways from Oktane23: Okta AI, universal logout and more

New game-changing security features from Okta speed threat detection and response times, enabling IT pros to log all users out of applications during a cyber attack. Continue Reading
By
- Jack Poller
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Tip 10 Oct 2023
How to remove digital signatures from a PDF

Digital signatures let organizations execute and secure agreements, but users can remove them if they need to reformat documents or protect signers' privacy. Continue Reading
By
- Jordan Jones
Definition 10 Oct 2023
password entropy

Password entropy is a measurement of a password's strength based on how difficult it would be to crack the password through guessing or a brute-force attack. Continue Reading
By
- Robert Sheldon