Identity and access management

Identity is often considered the perimeter in infosec, especially as traditional enterprise perimeters dissolve. Identity and access management is critical to maintain data security. From passwords to multifactor authentication, SSO to biometrics, get the latest advice on IAM here.

Top Stories

Opinion 09 May 2025
RSAC 2025 Conference: Identity security highlights

RSAC 2025 Conference was abuzz with talk about agentic AI and tool convergence. Analyst Todd Thiemann shares how these trends affect identity security. Continue Reading
By
- Todd Thiemann, Principal Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Feature 30 Apr 2025
RSAC Conference 2025 video reports

We chatted on camera with attendees and presenters at RSAC 2025. Check out this video collection to get highlights from one of the world's major cybersecurity conferences. Continue Reading
By
- Brenda L. Horrigan, Executive Managing Editor

Definition 10 Oct 2023
password entropy

Password entropy is a measurement of a password's strength based on how difficult it would be to crack the password through guessing or a brute-force attack. Continue Reading
By
- Robert Sheldon
Definition 06 Oct 2023
risk-based authentication (RBA)

Risk-based authentication (RBA) is an authentication method in which varying levels of stringency are applied to a system’s authentication process based on the likelihood that access to that system could result in its compromise. Continue Reading
By
- Rahul Awati
News 04 Oct 2023
Okta debuts passkey support to combat account compromises

The identity and access management vendor introduced products and features that addressed new social engineering techniques that require additional security measures beyond MFA. Continue Reading
By
- Arielle Waldman, News Writer
Definition 26 Sep 2023
Protected Extensible Authentication Protocol (PEAP)

Protected Extensible Authentication Protocol (PEAP) is a security protocol commonly used to protect wireless networks. Continue Reading
By
- Robert Sheldon
Definition 26 Sep 2023
principle of least privilege (POLP)

The principle of least privilege (POLP) is a concept in computer security that limits users' access rights to only what is strictly required to do their jobs. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
News 25 Sep 2023
Dallas doles out $8.5M to remediate May ransomware attack

The city of Dallas provided a detailed attack timeline that showed Royal threat actors compromised a service account a month before ransomware was deployed. Continue Reading
By
- Arielle Waldman, News Writer
Tip 25 Sep 2023
How to add digital signatures to a PDF

Organizations use digital signatures to secure agreements. Common document applications, such as Adobe Acrobat and macOS Preview, let users quickly add digital signatures to PDFs. Continue Reading
By
- Jordan Jones
Opinion 21 Sep 2023
Strong identity security could've saved MGM, Caesars, Retool

Three cyber attacks that featured vishing led to compromised identities, data loss and the interruption of operations. Passwordless authentication could have prevented all three. Continue Reading
By
- Jack Poller
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 14 Sep 2023
Developer platform Retool breached in vishing attack

A successful vishing attack against a Retool employee led to account takeovers of 27 cloud customers, but the company is pointing the finger at Google. Continue Reading
By
- Arielle Waldman, News Writer
Opinion 12 Sep 2023
Time for an identity security revolution

Identity needs to be the foundational component of the cybersecurity stack, because attackers are primarily after an organization's data. Continue Reading
By
- Jack Poller
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 11 Sep 2023
Cisco VPN flaw faces attempted Akira ransomware attacks

Cisco said it became aware of 'attempted exploitation' last month and referenced an Aug. 24 security advisory saying its VPNs were under attack by the Akira ransomware gang. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 06 Sep 2023
Okta: 4 customers compromised in social engineering attacks

Okta said a threat actor convinced IT personnel at several customers to reset MFA factors for highly privileged users, though it's unclear how they accomplished that task. Continue Reading
By
- Arielle Waldman, News Writer
- Rob Wright, Senior News Director
Opinion 06 Sep 2023
Identity needs a seat at the cybersecurity table

The shift to the cloud and remote work, combined with the rise of phishing and other identity-related attacks, puts identity security at the forefront of cybersecurity concerns. Continue Reading
By
- Jack Poller
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 30 Aug 2023
CrowdStrike CTO: 'Rookie mistakes' are hurting cloud security

CrowdStrike's Elia Zaitsev discusses the rise in credential-based attacks, as well as the common errors organizations make in the cloud that often lead to breaches. Continue Reading
By
- Rob Wright, Senior News Director
Definition 30 Aug 2023
biometric authentication

Biometric authentication is a security process that relies on the unique biological characteristics of individuals to verify they are who they say they are. Continue Reading
By
- Cameron Hashemi-Pour, Former Site Editor
News 29 Aug 2023
Cisco VPNs under attack via Akira, LockBit ransomware

Cisco and Rapid7 say ransomware actors LockBit and Akira have apparently been targeting Cisco VPNs not configured for multifactor authentication. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 24 Aug 2023
How do digital signatures work?

Digital signatures add a level of security to online agreements, which can prevent bad actors from impersonating other individuals or tampering with sensitive contracts. Continue Reading
By
- David Weldon
Definition 23 Aug 2023
BYOI (bring your own identity)

BYOI (bring your own identity) is an approach to digital authentication in which an end user's username and password are managed by a third party. BYOI is increasingly being used for website authentication. Continue Reading
By
- Robert Sheldon
- Sharon Shea, Executive Editor
Definition 14 Aug 2023
Directory Services Restore Mode (DSRM)

Directory Services Restore Mode (DSRM) is a Safe Mode boot option for Windows Server domain controllers. Continue Reading
By
- Rahul Awati
Definition 11 Aug 2023
message authentication code (MAC)

A message authentication code (MAC) is a cryptographic checksum applied to a message in network communication to guarantee its integrity and authenticity. Continue Reading
By
- Robert Sheldon
News 09 Aug 2023
Wiz warns of exposed multi-tenant apps in Azure AD

During a Black Hat USA 2023 session, a Wiz researcher explained how a common misconfiguration in Azure Active Directory led to the exposure of nearly 1,300 applications. Continue Reading
By
- Rob Wright, Senior News Director
News 08 Aug 2023
CrowdStrike observes massive spike in identity-based attacks

Identity-based attacks like Kerberoasting saw massive increases over the last 12 months as adversary breakout time fell, according to CrowdStrike's 2023 Threat Hunting Report. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 07 Aug 2023
orphan account

An orphan account, also referred to as an orphaned account, is a user account that can provide access to corporate systems, services and applications but does not have a valid owner. Continue Reading
By
- TechTarget Contributor
Definition 31 Jul 2023
Common Access Card (CAC)

A Common Access Card (CAC) is a smart card issued by the Unites States Department of Defense for accessing DOD systems and facilities. Continue Reading
By
- Rahul Awati
Definition 28 Jul 2023
national identity card

A national identity card is a portable document, typically a plasticized card with digitally embedded information, that is used to verify aspects of a person's identity. Continue Reading
By
- Katie Terrell Hanna
Tip 28 Jul 2023
Improve IAM with identity threat detection and response

Attackers increasingly target user accounts to gain access. Identity threat detection and response offers organizations a way to improve security for identity-based systems. Continue Reading
By
- Paul Kirvan
News 25 Jul 2023
DocuSign launches AI-backed live video ID verification tool

The e-signature vendor's new AI-supported identity confirmation tool uses biometrics and live video to verify signers' identity and physical presence at the time of signing. Continue Reading
By
- Mary Reines, News Writer
Tip 19 Jul 2023
How to fit customer experience security into your strategy

Most organizations overlook security in their CX strategies. However, with collaboration, personalization, CIAM controls and more, organizations can offer a secure and positive CX. Continue Reading
By
- Jessica Groopman, Kaleido Insights
Feature 13 Jul 2023
8 best practices for a zero-trust storage strategy

Explore how to apply the zero-trust security model to storage systems. Given today's threat landscape, additional data protection is key for enterprises. Continue Reading
By
- Robert Sheldon
News 12 Jul 2023
Threat actors forged Windows driver signatures via loophole

Threat actors bypassed Microsoft's driver signing policy using a technical loophole and signature timestamp forging tools commonly used in the video game cheat community. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 07 Jul 2023
mobile authentication

Mobile authentication is the verification of a user's identity via a mobile device using one or more authentication methods for secure access. Continue Reading
By
- TechTarget Contributor
News 06 Jul 2023
JumpCloud invalidates API keys in response to ongoing incident

The cloud provider did not give any details about the incident that prompted a mandatory API key rotation, which might have caused service disruptions for customers. Continue Reading
By
- Arielle Waldman, News Writer
Definition 06 Jul 2023
single-factor authentication (SFA)

Single-factor authentication (SFA) is a process for securing access to a given system, such as a network or website, that identifies the party requesting access through only one category of credentials. Continue Reading
By
- TechTarget Contributor
Definition 05 Jul 2023
knowledge-based authentication

Knowledge-based authentication (KBA) is an authentication method in which users are asked to answer at least one secret question. Continue Reading
By
- TechTarget Contributor
Definition 30 Jun 2023
security token

A security token is a physical or wireless device that provides two-factor authentication (2FA) for users to prove their identity in a login process. Continue Reading
By
- Paul Kirvan
News 27 Jun 2023
ChatGPT users at risk for credential theft

As ChatGPT's user base continues to grow, Group-IB says threat actors have exploited stolen accounts to collect users' sensitive data and professional credentials. Continue Reading
By
- Alexis Zacharakos, Student Co-op
News 14 Jun 2023
HashiCorp Vault trims SaaS; Boundary hooks up Enterprise

HashiCorp Vault's appeal to a broader field of users gets a boost from a new entry-level cloud service, while a new Boundary Enterprise targets the high end of the market. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 13 Jun 2023
AWS launches EC2 Instance Connect Endpoint, Verified Permissions

At re:Inforce 2023, AWS launched a new service that allows customers to connect to their EC2 instances through SSH and RDP connections, removing the need for a public IP address. Continue Reading
By
- Rob Wright, Senior News Director
Definition 09 Jun 2023
logon (or login)

In computing, a logon is a procedure that enables an entity to access a secure system such as an operating system, application, service, website or other resource. Continue Reading
By
- Robert Sheldon
Tip 08 Jun 2023
How to secure blockchain: 10 best practices

Blockchain has huge potential in the enterprise, but remember all emerging technologies come with their own risks. Consider these 10 best practices for securing blockchain. Continue Reading
By
- Jessica Groopman, Kaleido Insights
Tip 07 Jun 2023
6 blockchain use cases for cybersecurity

Is blockchain secure by design, or should blockchains be designed for security? Learn more through these six security and privacy use cases for blockchain. Continue Reading
By
- Jessica Groopman, Kaleido Insights
Definition 16 May 2023
decentralized identity

Decentralized identity is an approach to identify and authenticate users and entities without a centralized authority. Continue Reading
By
- Sean Michael Kerner
News 16 May 2023
Coalition: Employee actions are driving cyber insurance claims

After analyzing cyber insurance claims data, Coalition determined that phishing escalated in 2022, ransomware dropped and timely patching remained a consistent problem. Continue Reading
By
- Arielle Waldman, News Writer
Definition 11 May 2023
Active Directory functional levels

Active Directory functional levels are controls that specify which advanced Active Directory domain features can be used in an enterprise domain. Continue Reading
By
- Stephen J. Bigelow, Senior Technology Editor
News 10 May 2023
Dragos discloses blocked ransomware attack, extortion attempt

Dragos Inc. published a blog post that outlined a likely ransomware attack it stopped this week, though a threat actor obtained 'general use data' for new hires. Continue Reading
By
- Arielle Waldman, News Writer
Opinion 10 May 2023
2023 RSA Conference insights: Generative AI and more

Generative AI was the talk of RSA Conference 2023, along with zero trust, identity security and more. Enterprise Strategy Group analyst Jack Poller offers his takeaways. Continue Reading
By
- Jack Poller
Definition 09 May 2023
claims-based identity

Claims-based identity is a means of authenticating an end user, application or device to another system in a way that abstracts the entity's specific information while providing data that authorizes it for appropriate and relevant interactions. Continue Reading
By
- Ivy Wigmore
- Linda Rosencrance
Feature 05 May 2023
How to implement principle of least privilege in Azure AD

Restricting users' permissions in Microsoft Azure AD to only what they need to complete their job helps secure and reduce the cloud attack surface. Continue Reading
By
- Kyle Johnson, Technology Editor
- Packt Publishing
News 03 May 2023
Google rolls out passkeys in service of passwordless future

Google referred to its new passkey option, which features facial recognition, fingerprint and PIN-based authentication, as 'the beginning of the end of the password.' Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 02 May 2023
password manager

A password manager is a technology tool that helps internet users create, save, manage and use passwords across different online services. Continue Reading
By
- Sean Michael Kerner
Definition 02 May 2023
Hash-based Message Authentication Code (HMAC)

Hash-based Message Authentication Code (HMAC) is a message encryption method that uses a cryptographic key in conjunction with a hash function. Continue Reading
By
- Rahul Awati
News 01 May 2023
1Password execs outline shift to passwordless authentication

1Password CEO Jeff Shiner and Anna Pobletts, head of passwordless, discuss the power of passkeys, the adoption challenges ahead, and the threat of generative AI attacks. Continue Reading
By
- Arielle Waldman, News Writer
News 26 Apr 2023
CrowdStrike details new MFA bypass, credential theft attack

At RSA Conference 2023, CrowdStrike demonstrated an effective technique that a cybercrime group used in the wild to steal credentials and bypass MFA in Microsoft 365. Continue Reading
By
- Rob Wright, Senior News Director
News 25 Apr 2023
Rising AI tide sweeps over RSA Conference, cybersecurity

AI is everywhere at RSA Conference 2023, though experts have differing views about why the technology has become omnipresent and how it will best serve cybersecurity. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 20 Apr 2023
Microsoft Exchange Online Protection (EOP)

Microsoft Exchange Online Protection (EOP) is a cloud-based service that provides email filtering designed to protect organizations against spam, malware, and other email-based threats. Continue Reading
By
- Katie Terrell Hanna
Definition 17 Apr 2023
Microsoft Azure Key Vault

Microsoft Azure Key Vault is a cloud-based security service offered by Microsoft as part of its Azure platform. Continue Reading
By
- Katie Terrell Hanna
- Tayla Holman, Site Editor
Definition 14 Apr 2023
two-step verification

Two-step verification is a process that involves two authentication steps performed one after the other to verify that someone or something requesting access is who or what they say they are. Continue Reading
By
- Ivy Wigmore
Definition 13 Apr 2023
private CA (private PKI)

A private CA is an enterprise-specific certificate authority that functions like a publicly trusted CA. Continue Reading
By
- Jason Soroko, Sectigo
Tutorial 12 Apr 2023
How to create fine-grained password policy in AD

Fine-grained password policies are a simple and effective way of ensuring password settings meet business requirements. Continue Reading
By
- Damon Garn, Cogspinner Coaction
Tutorial 12 Apr 2023
How to enable Active Directory fine-grained password policies

Specifying multiple password policies customized to specific account types adds another layer to an organization's security posture. Using PSOs instead of Group Policy can help. Continue Reading
By
- Damon Garn, Cogspinner Coaction
Answer 12 Apr 2023
How to use a public key and private key in digital signatures

Ensuring authenticity of online communications is critical to conduct business. Learn how to use a public key and private key in digital signatures to manage electronic documents. Continue Reading
By
- Joel Dubin
- Katie Donegan, Social Media Manager
Answer 11 Apr 2023
What are the Microsoft 365 password requirements?

When IT administrators manage passwords for Microsoft 365 accounts in Azure AD, they can deploy and remove critical policies that can improve overall security posture. Continue Reading
By
- Brien Posey
News 11 Apr 2023
FTX bankruptcy filing highlights security failures

Debtors claim that defunct cryptocurrency exchange FTX lacked any dedicated security personnel and failed to implement critical access controls for billions of dollars in assets. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 11 Apr 2023
Centralized vs. decentralized identity management explained

With decentralized identity, organizations can worry less about data security and privacy, while users get more control over their information. But it's not without challenges. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
- Kyle Johnson, Technology Editor
Feature 11 Apr 2023
How to use Azure AD Connect synchronization for hybrid IAM

Organizations face many challenges authenticating and authorizing users in hybrid infrastructures. One way to handle hybrid IAM is with Microsoft Azure AD Connect for synchronization. Continue Reading
By
- Kyle Johnson, Technology Editor
- Packt Publishing
Opinion 06 Apr 2023
Top RSA Conference 2023 trends and topics

Enterprise Strategy Group's Jack Poller outlines his picks for getting the most out of the 2023 RSA Conference, from keynotes to startups, AI, innovation and more. Continue Reading
By
- Jack Poller
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Tip 06 Apr 2023
Comparing enabled and enforced MFA in Microsoft 365

When managing Microsoft 365 authentication, IT admins may encounter the distinction between enabled and enforced MFA. Find out what those terms mean. Continue Reading
By
- Gary Olsen
News 06 Apr 2023
119 arrested in Genesis Market takedown

The FBI and Dutch National Police led the takedown of Genesis Market alongside more than a dozen partners, including the U.K., Italy, Spain and Romania. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 05 Apr 2023
deprovisioning

Deprovisioning is the part of the employee lifecycle in which access rights to software and network services are taken away. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
Definition 30 Mar 2023
CSR (Certificate Signing Request)

A Certificate Signing Request (CSR) is a specially formatted encrypted message sent from a Secure Sockets Layer (SSL) digital certificate applicant to a certificate authority (CA). Continue Reading
By
- Sharon Shea, Executive Editor
Definition 30 Mar 2023
authentication factor

An authentication factor is a category of credential that is intended to verify, sometimes in combination with other factors, that an entity involved in some kind of communication or requesting access to some system is who, or what, they are declared to be. Continue Reading
By
- Ivy Wigmore
News 27 Mar 2023
Zoom launches Okta Authentication for E2EE to verify identity

Authenticated Zoom attendees will get a blue shield icon next to their participant name to give enterprises additional security during sensitive meetings. Continue Reading
By
- Arielle Waldman, News Writer
Definition 24 Mar 2023
three-factor authentication (3FA)

Three-factor authentication (3FA) is the use of identity-confirming credentials from three separate categories of authentication factors -- typically, the knowledge, possession and inherence categories. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
Definition 20 Mar 2023
FIDO (Fast Identity Online)

FIDO (Fast Identity Online) is a set of technology-agnostic security specifications for strong authentication. Continue Reading
By
- David Strom
Definition 15 Mar 2023
YubiKey

YubiKey is a security token that enables users to add a second authentication factor to online services from tier 1 vendor partners, including Google, Amazon, Microsoft and Salesforce. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
News 09 Mar 2023
GitHub 2FA plan adds SMS, account lockout safeguards

GitHub has added SMS support and fresh account lockout prevention features to its phased rollout plans as it prepares to implement a 2FA requirement for accounts beginning Monday. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 28 Feb 2023
LastPass breach tied to hack of engineer's home computer

LastPass said a threat actor hacked an employee's home computer to access a corporate password vault and steal decryption keys for its product backups and cloud storage resources. Continue Reading
By
- Alexander Culafi, Senior News Writer
Guest Post 23 Feb 2023
Web3 blockchain enables users to take control of identity

A centralized identity model creates security and privacy risks. Decentralized identity through Web3 could mitigate these risks, but companies must adapt to keep pace. Continue Reading
By
- Avivah Litan
Feature 21 Feb 2023
8 best password managers of 2023

A dedicated tool can help simplify password management and improve online security for individuals and enterprises alike. Continue Reading
By
- Ben Lutkevich, Site Editor
Tip 16 Feb 2023
How to filter Security log events for signs of trouble

Certain accounts, such as company executives, will draw unwanted attention from hackers. Learn how to catch these targeted attacks by checking Windows event logs. Continue Reading
By
- Anthony Howell
Definition 16 Feb 2023
E-Sign Act (Electronic Signatures in Global and National Commerce Act)

The E-Sign Act (Electronic Signatures in Global and National Commerce Act) is a U.S. federal law that specifies that, in the United States, the use of an electronic signature (e-signature) is as legally valid as a traditional signature written in ink on paper. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
Tip 16 Feb 2023
Web 3.0 security risks: What you need to know

Elements of the third version of the web are coming to fruition. But Web 3.0 also comes with new cybersecurity, financial and privacy threats besides the familiar risks of Web 2.0. Continue Reading
By
- Jessica Groopman, Kaleido Insights
Definition 08 Feb 2023
reverse brute-force attack

A reverse brute-force attack is a type of brute-force attack in which an attacker uses a common password against multiple usernames in an attempt to gain access to a network. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
Opinion 03 Feb 2023
4 identity predictions for 2023

Identity's place in the attack chain is driving the shift of identity responsibility from IT operations to security to look into passwordless, digital IDs, platforms and more. Continue Reading
By
- Jack Poller
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Definition 03 Feb 2023
WebAuthn API

The Web Authentication API (WebAuthn API) is a credential management application program interface (API) that lets web applications authenticate users without storing their passwords on servers. Continue Reading
By
- Linda Rosencrance
Podcast 24 Jan 2023
Risk & Repeat: Another T-Mobile data breach disclosed

This podcast episode discusses the latest T-Mobile breach -- the third in less than three years -- in which a threat actor stole personal data from 37 million customer accounts. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 24 Jan 2023
Customer data, encryption key stolen in GoTo breach

GoTo's breach update follows the recent disclosure made by GoTo subsidiary LastPass, which similarly lost significant sensitive customer data in a breach last year. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 23 Jan 2023
Experts applaud expansion of Apple's E2E encryption

Amidst growing privacy concerns and data breach threats, Apple launched Advanced Data Protection for U.S. customers last month to secure almost all data stored in iCloud. Continue Reading
By
- Arielle Waldman, News Writer
Definition 20 Jan 2023
anonymous FTP (File Transfer Protocol)

Anonymous File Transfer Protocol (FTP) is a method for allowing users to access public files from a remote server or archive site without requiring them to identify themselves to the server or site. Continue Reading
By
- Rahul Awati
Opinion 20 Jan 2023
6 cybersecurity buzzwords to know in 2023

Enterprise Strategy Group research indicates many organizations will increase cybersecurity spending in 2023, and with that comes an evolving set of vendor buzzwords to sort out. Continue Reading
By
- Jon Oltsik, Analyst Emeritus
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Podcast 20 Jan 2023
Risk & Repeat: Breaking down the LastPass breach

This podcast episode discusses the fallout of the recent LastPass breach, in which a threat actor stole encrypted logins and unencrypted website URLs from the password manager. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 18 Jan 2023
LastPass faces mounting criticism over recent breach

LastPass disclosed a breach last month in which a threat actor stole personal customer information, including billing addresses and encrypted website login details. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 05 Jan 2023
Windows security tips for the enterprise

Securing a Windows environment is no easy feat. Read up on low-hanging fruit to quickly address, as well as top tips from two security practitioners to get started. Continue Reading
By
- Kyle Johnson, Technology Editor
Definition 29 Dec 2022
credential theft

Credential theft is a type of cybercrime that involves stealing a victim's proof of identity. Continue Reading
By
- Corinne Bernstein
Definition 29 Dec 2022
self-sovereign identity

Self-sovereign identity (SSI) is a model for managing digital identities in which individuals or businesses have sole ownership over the ability to control their accounts and personal data. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
Definition 29 Dec 2022
continuous authentication

Continuous authentication is a method of verification aimed at providing identity confirmation and cybersecurity protection on an ongoing basis. Continue Reading
By
- Corinne Bernstein
Definition 28 Dec 2022
privilege creep

Privilege creep is the gradual accumulation of access rights beyond what individuals need to do their job. Continue Reading
By
- Crystal Bedell
Podcast 21 Dec 2022
Risk & Repeat: OT security progress, threats in 2022

This Risk & Repeat podcast episode discusses the current state of OT security, including the convergence with IT environments and an ever-evolving threat landscape. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 20 Dec 2022
What enumeration attacks are and how to prevent them

Web applications may be vulnerable to user enumeration attacks. Learn how these brute-forcing attacks work and how to prevent them. Continue Reading
By
- Ravi Das, ML Tech Inc.
News 19 Dec 2022
The state of OT security: A rapidly evolving landscape

Security experts weigh in on how the OT security landscape has evolved over the last decade, and where it could be going next as threats continue to mount. Continue Reading
By
- Alexander Culafi, Senior News Writer