Identity and access management

Identity is often considered the perimeter in infosec, especially as traditional enterprise perimeters dissolve. Identity and access management is critical to maintain data security. From passwords to multifactor authentication, SSO to biometrics, get the latest advice on IAM here.

Top Stories

News 05 Dec 2023
Exposed Hugging Face API tokens jeopardized GenAI models

Lasso Security discovered more than 1,600 exposed Hugging Face API tokens provided access to generative AI and large-language models contained in hundreds of repositories. Continue Reading
Feature 01 Dec 2023
How to solve 2 MFA challenges: SIM swapping and MFA fatigue

While MFA improves account security, attacks still exploit it. Learn about two MFA challenges -- SIM swapping and MFA fatigue -- and how to mitigate them. Continue Reading

Answer 16 Jun 2020

6 key identity and access management benefits

Identity and access management is beneficial not just for users, security and IT admins, but also enterprises as a whole. Read up on the six key advantages of an IAM framework. Continue Reading
Answer 16 Jun 2020

Identity management vs. authentication: Know the difference

Andrew Froehlich breaks down how authentication and identity management differ and how each of them are intrinsic to an identity and access management framework. Continue Reading
Tip 15 Jun 2020

In biometrics, security concerns span technical, legal and ethical

Biometrics are increasingly being used for enterprise security, but they are not without technical, legal and ethical concerns, which teams must address before deployment. Continue Reading
Tip 11 Jun 2020

3 key identity management tips to streamline workflows

Organizations must audit IAM processes to ensure that opportunities to streamline workflows are not missed. Use these identity management tips to get started. Continue Reading
Tip 09 Jun 2020

How to ensure security for 3 types of digital identity

Enterprise identity and access management strategies must include processes for managing and securing three types of digital identity. Learn how. Continue Reading
Feature 05 Jun 2020

How to build an effective IAM architecture

Identity and access management is changing and so must strategies for managing it. Read up on IAM architecture approaches and how to select the best for your organization. Continue Reading
Tip 03 Jun 2020

4 essential identity and access management best practices

Now is the time to shore up the who, what and where of network identities. Adopt these four critical identity and access management best practices to bolster your infosec program. Continue Reading
Feature 27 May 2020

Top 3 advantages of smart cards -- and potential disadvantages

As smart card adoption increases, it is prudent to take a closer look at how this technology can improve data security. Here, read more about the benefits of smart cards. Continue Reading
News 23 Apr 2020

COVID-19 strains critical certificate authority processes

Border crossings. Police checkpoints. Security cages. Secret safes. These are just some of the hurdles certificate authorities face as they strive to maintain security during COVID-19. Continue Reading
News 08 Apr 2020

Researchers beat fingerprint authentication with 3D printing scheme

New research by Cisco Talos shows popular fingerprint scanning technology can be defeated by lifting actual fingerprints and reproducing them through 3D printers. Continue Reading
Tip 06 Apr 2020

SASE identity policies enhance security and access control

Will the Secure Access Service Edge model be the next big thing in network security? Learn how SASE's expanded definition of identity is fundamental to this emerging access model. Continue Reading
Opinion 12 Mar 2020

The future of facial recognition after the Clearview AI data breach

The company that controversially scrapes data from social media sites for law enforcement clients announced a data breach. What does it mean for the future of facial recognition? Continue Reading
Opinion 03 Mar 2020

Idaptive adds new remote employee onboarding option & passwordless authentication to Next-Gen Access

Seeing more and more vendors jump on the passwordless train makes my heart swell! Continue Reading
Tip 25 Feb 2020

Tackle identity management in the cloud with AaaS or IDaaS

Has your organization considered outsourcing cloud identity management? Learn more about the benefits of AaaS, aka IDaaS, and what to consider before settling on a particular service. Continue Reading
Feature 18 Feb 2020

Zero-trust model case study: One CISO's experience

Adopting a zero-trust environment was the right move for GitLab, according to the company's former security chief, but it may not be well suited for all enterprises. Continue Reading
Opinion 10 Feb 2020

Idaptive is taking machine learning for authentication and applying it to authorization

We’ve seen AI/ML/analytics used for figuring out if a user is who they say they are. Now, how about if they’re doing what they should? Continue Reading
Feature 31 Jan 2020

Can IDaaS adoption improve enterprise security posture?

Experts suggest enterprises consider identity as a service as organizations' data management needs grow and access management becomes more complex. Continue Reading
Opinion 27 Jan 2020

Where does 1Password Enterprise Password Manager fit in the EUC landscape?

Reduce the chance of a breach due to poor password habits with password vaulting. Continue Reading
News 23 Jan 2020

AWS leak exposes passwords, private keys on GitHub

UpGuard discovered a public GitHub repository that contained sensitive AWS customer data, including passwords, authentication tokens and private encryption keys. Continue Reading
Answer 22 Jan 2020

What are the most common digital authentication methods?

In order to build and maintain a comprehensive access management program, enterprise leaders must get to know the various forms of digital authentication at their disposal. Continue Reading
Answer 21 Jan 2020

How effective are traditional authentication methods?

Are you up to date on the most popular digital authentication methods and their potential cybersecurity risks? Learn how the right technology can improve and secure access management. Continue Reading
Tip 02 Jan 2020

5 steps to a secure cloud control plane

A locked-down cloud control plane is integral to maintaining cloud security, especially in multi-cloud environments. Here are five steps to a secure cloud control plane. Continue Reading
Opinion 17 Dec 2019

Login.gov starts to fill the gap between social logins and enterprise identities

Access federal services with a service designed for governmental use but that uses common standards. Continue Reading
News 13 Dec 2019

RSA teams up with Yubico for passwordless authentication

RSA Security joined forces with Yubico to eliminate passwords within the enterprise. RSA's Jim Ducharme explains what it will take to the reach the 'last mile' of the pursuit. Continue Reading
Tip 20 Nov 2019

How to use and manage BitLocker encryption

Built into business versions of the Windows OS, Microsoft BitLocker encryption is an integral enterprise encryption tool. Read on to learn how BitLocker works and how to manage it. Continue Reading
News 07 Nov 2019

SSL certificate abuse drives growing number of phishing attacks

Phishing attacks against the United Nations and humanitarian organizations show how threat actors are weaponizing valid SSL certificates and how hard it is to stop the abuse. Continue Reading
Opinion 29 Oct 2019

How to go passwordless if not all your apps support modern authentication standards

We want to eliminate passwords ASAP, unfortunately, some older apps can stand in the way of progress—thankfully, some identity providers devised solutions. Continue Reading
Tip 22 Oct 2019

How to address cloud IAM challenges

Cloud services are major players in most companies now and can have a major impact on the management of access and identity governance. Learn how to handle cloud IAM challenges. Continue Reading
Opinion 17 Oct 2019

Okta competing with Microsoft, Google, and others in passwordless offerings

While giants Microsoft and Google try leading the passwordless charge, Okta also plans to help organizations cut down on password use. Continue Reading
Opinion 14 Oct 2019

Okta is making big investments in on-premises identity

Okta is also working to bring more context into access decisions. Continue Reading
Opinion 09 Oct 2019

How far is Google going in eliminating passwords?

We looked at Microsoft, let’s see how a couple other vendors are doing as well, starting with Google. Continue Reading
News 03 Oct 2019

Ping Identity launches identity and access management tool

PingCentral aims to streamline the identity and access management processes and bridge the gap between IAM teams and application teams to improve productivity. Continue Reading
Opinion 24 Sep 2019

When will we finally ditch passwords? Here’s Microsoft’s 4-step plan

Let’s be honest, passwords suck, and vendors are working to eliminate or reduce our reliance on them—what is Microsoft’s roadmap? Continue Reading
News 17 Sep 2019

Researcher finds digital certificate fraud used to spread malware

A new certificate fraud scheme involves a threat actor impersonating company execs to purchase certs which are then resold to those looking to spread malware. Continue Reading
Opinion 17 Sep 2019

A look at ID proofing: bootstrapping a digital ID using a mobile device and physical ID

For the moment, it’s more for B2C than for employees, but it’s poised to keep spreading. Continue Reading
Answer 16 Sep 2019

What's the purpose of CAPTCHA technology and how does it work?

Learn about the purpose of CAPTCHA challenges that enable websites to differentiate bots from authentic users to stop spammers from hijacking forums and blog comment sections. Continue Reading
News 08 Aug 2019

'Dupe' there it is: SAML authentication bypass threatens Microsoft

Micro Focus security researchers demonstrated a new technique, dubbed 'dupe key confusion,' which allows threat actors to bypass Microsoft's SAML token validation. Continue Reading
News 02 Aug 2019

CloudKnox Security adds privileged access features to platform

CloudKnox Security updated its Cloud Security Platform with features such as Privilege-on-Demand, Auto-Remediation for Machine Identities and Anomaly Detection. Continue Reading
Feature 01 Aug 2019

New tech steers identity and access management evolution

IAM is evolving to incorporate new technologies -- like cloud-based services and containerization -- promising more secure, granular management of access to company IT assets. Continue Reading
01 Aug 2019

New tech steers identity and access management evolution

Continue Reading
Opinion 01 Aug 2019

Is your identity management up to the task?

IAM is an organization's best defense for its weakest link, end users. Make sure you're following the right framework and keeping your tools honed and ready for battle. Continue Reading
01 Aug 2019

Is your identity management up to the task?

Continue Reading
E-Zine 01 Aug 2019

Managing identity and access well unlocks strong security

Continue Reading
Tip 25 Jul 2019

How to limit the cloud security blast radius of credential attacks

Explore how the security blast radius concept, which has admins evaluating how to assess and limit the damage of a threat, can be applied to cloud identity and access management. Continue Reading
News 24 Jul 2019

Citrix breach blamed on poor password security

An investigation revealed the password spraying attack that gave malicious actors access to Citrix systems resulted in only some business documents being stolen. Continue Reading
Opinion 24 Jul 2019

What's the difference between a password and a PIN?

A question I've always had but was too afraid to ask when I first learned about passwordless experiences. Continue Reading
Opinion 23 Jul 2019

A look at MobileIron’s zero sign-on and passwordless authentication plans

MobileIron’s “zero sign-on” tech uses phones to authenticate when accessing SaaS apps from unmanaged devices. Continue Reading
News 19 Jul 2019

Enzoic for Active Directory brings continuous password protection

Updates to Enzoic for Active Directory include NIST-compliant Continuous Password Protection, checking passwords against a live database of common or vulnerable passwords. Continue Reading
News 19 Jul 2019

CyberArk brings updates to privileged access security offering

CyberArk introduces CyberArk Alero to its privileged access management product lineup, in addition to other endpoint management and cloud offering updates. Continue Reading
Tip 17 Jul 2019

The benefits of IAM can far outweigh the costs

Identity and access management is a critical piece of enterprise information security. But the benefits of IAM go beyond illuminating who -- and what -- might be using your network. Continue Reading
News 09 Jul 2019

OneLogin Desktop Pro for Windows reduces password load

By eliminating the need for remote workers to sign into Active Directory to access their network, OneLogin's Desktop Pro for Windows aims to make working remotely easier, according to the vendor. Continue Reading
News 08 Jul 2019

Ipsidy's Identity Portal uses biometrics for secure access

Identity Portal by Ipsidy uses biometric authorization methods to ensure secure account access, enable users to verify changes, protect customers from fraudulent phone calls, and more. Continue Reading
Tip 27 Jun 2019

Where does IMAP security fall short, and how can it be fixed?

Legacy email protocols like IMAP are prime targets for hackers. Fix IMAP security with better configuration, more encryption and multifactor authentication mandates. Continue Reading
Feature 27 Jun 2019

Words to go: Identity and access management security

IT pros must keep up to date with rapidly changing identity technology and access threats. Help protect IAM security by getting familiar with this list of foundation terms. Continue Reading
Tip 25 Jun 2019

What identity governance tools can do for your organization

Learn how to evaluate available security tools that manage the governance of your users' identity and access to company systems and data. Continue Reading
Feature 21 Jun 2019

Biometric authentication terms to know

Consumers are on board with biometric authentication, but enterprises aren't so sure. Here's a breakdown of the must-know terms for companies considering biometric authentication. Continue Reading
Opinion 20 Jun 2019

Despite recent vulnerabilities, you shouldn’t stop using hardware security keys like Yubikey

No solution is perfect, but these hardware security keys remain an awesome option in keeping accounts secure from attackers! Continue Reading
News 18 Jun 2019

Netskope announces enterprise application security platform

Netskope for Private Access is a cloud-based platform that secures private enterprise applications on public clouds and in on-premises data centers using zero-trust access. Continue Reading
News 17 Jun 2019

YubiKey FIPS recalled from government for reduced randomness

Yubico recalled YubiKey FIPS series devices after discovering an issue leading to reduced randomness in values generated by the keys, which are used by federal agencies. Continue Reading
Tip 07 Jun 2019

3 reasons privilege escalation in the cloud works

Statistics show that many cloud attacks are linked to credential and privilege misuse. Learn three ways threat actors are able to launch privilege escalation attacks in the cloud. Continue Reading
News 05 Jun 2019

Apple single sign-on option promises privacy for users

Apple is preparing its own single sign-on offering, called Sign In with Apple, which will focus on user privacy. But experts are split on how well this will work. Continue Reading
Answer 31 May 2019

Why are fewer companies using SMS 2FA for authentication?

Instead of SMS two-factor authentication, some companies are switching to 2FA through messaging apps and social media platforms. Learn what's behind this authentication trend. Continue Reading
News 17 May 2019

How Google turned 1.5 billion Android phones into 2FA keys

Google product manager Christiaan Brand discusses the journey to making 1.5 billion Android devices work as 2FA security keys and the plan for the future. Continue Reading
Answer 13 May 2019

How does an identity and access management framework work?

A comprehensive identity and access management framework is an IT necessity. But how do the two components work together? Continue Reading
Opinion 07 May 2019

We talk a lot about access and authentication, but what about revoking user access?

Google hopes to make it easier with their proposed Continuous Access Evaluation Protocol. Continue Reading
Feature 06 May 2019

5 common authentication factors to know

Multifactor authentication is a security system that requires two or more authentication steps to verify the user's identity. Discover the most important terms related to MFA. Continue Reading
Tip 18 Apr 2019

Identity and access management trends show new access roles

Identity and access management trends reflect a changing cybersecurity landscape. Learn how IAM is changing and what you should do before buying an IAM tool. Continue Reading
Answer 25 Mar 2019

How concerned should I be about a padding oracle attack?

Padding oracle attacks have long been well-known and well-understood. Find out how they work and why using modern encryption protocols can reduce the risks. Continue Reading
News 22 Mar 2019

Study reveals sale of SSL/TLS certificates on dark web

Security researchers discovered the availability of SSL/TLS certificates for sale on the dark web, which allow cybercriminals to disguise their malicious activity as legitimate. Continue Reading
News 13 Mar 2019

Citrix data breach report raises more questions

Citrix disclosed a potential data breach blamed on poor password security, but a lack of details about the attack leaves only unconfirmed claims from a single cybersecurity firm. Continue Reading
News 07 Mar 2019

Cryptography techniques must keep pace with threats, experts warn

Cryptographers at RSAC 2019 discussed personal data protection laws and challenges, future threats and the pressure for tech companies to work with law enforcement on decryption. Continue Reading
Answer 19 Feb 2019

How did Signal Desktop expose plaintext passwords?

The Signal Desktop application was found to be making decryption keys available in plaintext. Learn how the SQLite database and plaintext passwords were put at risk. Continue Reading
Feature 18 Feb 2019

Explore multifactor authentication products in-depth

Discover some of the best multifactor authentication products currently on the market based on target industry and main features to help you make a final buying decision. Continue Reading
News 15 Feb 2019

Ponemon study: Poor password practices remain rampant

More than two-thirds of employees share passwords with colleagues, research reveals. Experts sound off on what's fueling poor password practices and how to solve the problem. Continue Reading
Opinion 11 Feb 2019

Idaptive officially launches their “Next-Gen Access Cloud” IDaaS platform

Next-Gen Access Cloud has a new architecture, and Idaptive will continue to expand its machine learning capabilities. Continue Reading
News 08 Feb 2019

Defense Department eyes behavioral biometrics with new contract

The Department of Defense awards a $2.4 million contract to Twosense.AI in order to create a behavioral biometrics system that can replace the current ID card system. Continue Reading
Podcast 08 Feb 2019

Risk & Repeat: Apple restores enterprise certificates for Facebook, Google

This week's Risk & Repeat podcast looks at Apple's decision to temporarily revoke Facebook's and Google's enterprise certificates following reports of questionable app activity. Continue Reading
News 07 Feb 2019

Gartner: Expanding SOC capabilities a priority for enterprises

Reinvesting in SOCs and crafting clear risk appetite statements made the list of Gartner's top security and risk management trends. Experts sound off on what's driving these trends. Continue Reading
News 06 Feb 2019

Google's Mark Risher: New types of 2FA are 'game changers'

Google's head of account security, Mark Risher, discusses the various types of 2FA and how new options of WebAuthn and U2F are going to be game changers for enterprise. Continue Reading
News 06 Feb 2019

Google's Mark Risher discusses 2FA adoption strategies

Although some types of two-factor authentication have been found to be vulnerable, Google's Mark Risher says 2FA adoption should be the baseline of security for all enterprises. Continue Reading
Feature 05 Feb 2019

Compare the top multifactor authentication vendors

What makes a multifactor authentication tool right for an enterprise? This article compares four of the leading multifactor authentication vendors and reviews their products. Continue Reading
Tip 28 Jan 2019

The evolution of the Let's Encrypt certificate authority

Certificate authorities work differently since the open source Let's Encrypt project went into effect. Expert Fernando Gont explains how both CAs and Let's Encrypt operate. Continue Reading
Feature 23 Jan 2019

Three examples of multifactor authentication use cases

When evaluating the business case for multifactor authentication, an organization must first identify how these three operational scenarios apply to a potential implementation. Continue Reading
Feature 23 Jan 2019

Purchasing multifactor authentication tools: What to consider

Find out what you need to know before investing in a multifactor authentication tool, including the drawbacks and the benefits. Continue Reading
Feature 18 Jan 2019

Exploring multifactor authentication benefits and technology

Take a look at multifactor authentication benefits and methods, as well as how the technologies have evolved from key fobs to smartphones, mobile devices and the cloud. Continue Reading
Tip 15 Jan 2019

Updating TLS? Use cryptographic entropy for more secure keys

Cryptographic entropy is necessary to secure session encryption keys in TLS 1.2, but RSA key transport is not supported in TLS 1.3. Discover the causes for concern with Judith Myerson. Continue Reading
Tip 11 Jan 2019

Key customer identity access management features to consider

Evaluating customer identity access management products is complicated but necessary. Learn what’s new and what you need most right now. Continue Reading
Tip 11 Jan 2019

CIAM vs. IAM: The key differences 'customer' makes

Find out everything you need to know about the nuances that differentiate customer IAM from traditional IAM so that you can implement the CIAM system at your organization. Continue Reading
Tip 17 Dec 2018

For effective customer IAM, bundle security and performance

CIAM can verify identity, manage access and deliver a smooth experience for customers. Get an expert's insights on how to tackle customer IAM now. Continue Reading
News 14 Dec 2018

Mozilla distrusts all Symantec certificates with Firefox 64 release

News roundup: Mozilla finally removes trust for Symantec certificates with Firefox 64. Plus, Supermicro's investigation challenges Bloomberg Businessweek's report, and more. Continue Reading
Feature 03 Dec 2018

IAM system strategy identifies metrics that work for business

Security professionals are using identity and access management systems to track metrics on password resets, onboarding and offboarding, and employee retention and customer service. Continue Reading
03 Dec 2018

IAM system strategy identifies metrics that work for business

Continue Reading
Podcast 30 Nov 2018

Risk & Repeat: DeepMasterPrints spells trouble for biometrics

This week's Risk & Repeat podcast looks at the future of biometric authentication after researchers unveiled a new approach that uses neural networks to bypass fingerprint scanners. Continue Reading
News 21 Nov 2018

DeepMasterPrints fake fingerprints can fool fingerprint sensors

Researchers have developed AI-generated synthetic fingerprints -- known as DeepMasterPrints -- that can spoof biometric scanners and potentially be used to launch practical attacks. Continue Reading
Podcast 20 Nov 2018

Risk & Repeat: Who's to blame for bad passwords?

This week's Risk & Repeat podcast discusses whether users are responsible for creating and reusing weak passwords or if the technology systems themselves are to blame. Continue Reading
Answer 05 Nov 2018

How can U2F authentication end phishing attacks?

By requiring employees to use U2F authentication and physical security keys, Google eliminated phishing attacks. Learn how the combination works from expert Michael Cobb. Continue Reading
Tip 30 Oct 2018

Enterprises should reconsider SMS-based 2FA use after breach

A Reddit breach was triggered by threat actors intercepting SMS messages used to authenticate employees to access sensitive data. Learn why enterprises should reconsider SMS for 2FA. Continue Reading
Tip 17 Oct 2018

How to monitor AWS credentials with the new Trailblazer tool

A security researcher introduced a tool called Trailblazer, which aims to simplify monitoring AWS credentials. Expert Dave Shackleford explains how it can bolster cloud security. Continue Reading
Answer 11 Oct 2018

How did Netflix phishing attacks use legitimate TLS certificates?

Hackers can imitate the design and domain name of popular sites like Netflix to steal credentials. Expert Michael Cobb explains how these Netflix phishing attacks work. Continue Reading
Podcast 08 Oct 2018

Risk & Repeat: Inside the Facebook 2FA fail

This week's Risk & Repeat podcast discusses the latest controversy for Facebook, which has been using two-factor authentication numbers for advertising purposes. Continue Reading

1
2
3
4
5

Networking

8 network tasks administrators can do quicker from the CLI
Admins can use the command-line interface to manage network tasks. Learn how to streamline automation, troubleshoot networks and ...
5 phases to build a network automation architecture
The implementation of a network automation architecture involves several elements, including a core orchestration engine, ...
Top 5 use cases for 5G augmented and virtual reality
By integrating augmented and virtual reality technologies with 5G, several industries could reap significant benefits. But beware...

CIO

How to set business goals, step by step
Setting business goals that are detailed and come with deadlines motivates employees and keeps your company on track. Learn how ...
2024 US election guide: Where candidates stand on tech
The next U.S. president will set the tone on issues such as AI regulation, data privacy and climate tech. Where do prominent ...
Top 10 business process management certifications for 2024
These BPM certifications can help you gain the specialized knowledge you need to perform your job better. Get all the details to ...

Enterprise Desktop

12 best patch management software and tools for 2024
These 12 tools approach patching from different perspectives. Understanding their various approaches can help you find the right ...
Tanium aims to be first with autonomous endpoint management
The new term 'autonomous endpoint management' aims to offer IT teams AI-driven automation that can improve employee experience ...
The 6 best rugged computers for business use cases
Finding the right device for a business scenario can be challenging, and adding rugged conditions to the mix can complicate ...

Cloud Computing

New dev tools at AWS re:Invent shape the future of cloud
Noteworthy tools and updates for developers at AWS re:Invent 2023 included AWS Fault Injection Service, Amazon Q Code ...
Evaluate serverless computing best practices
Serverless computing strategies require enterprises to evaluate tools, features and costs, while understanding application ...
Hybrid cloud connectivity best practices and considerations
Private and public clouds stress networks in different ways and don't always play well together. Here's what to know to set up a ...

ComputerWeekly.com

AT&T taps Ericsson Open RAN to pioneer path to networks of the future
US comms giant inks five-year network transformation agreement with Swedish comms tech company as it aims to pioneer path to ...
Government launches UK-wide Cyber Explorers Cup
Schoolkids across the UK are being called on to team up and defeat Herbert the Hacker in a new government-backed competition
Post Office prioritised its ‘bottom line’ over justice
The Post Office was more concerned with saving money and recovering unexplained losses than getting to the bottom of ...

Close