Identity and access management

Identity is often considered the perimeter in infosec, especially as traditional enterprise perimeters dissolve. Identity and access management is critical to maintain data security. From passwords to multifactor authentication, SSO to biometrics, get the latest advice on IAM here.

Top Stories

News 16 May 2023
Coalition: Employee actions are driving cyber insurance claims

After analyzing cyber insurance claims data, Coalition determined that phishing escalated in 2022, ransomware dropped and timely patching remained a consistent problem. Continue Reading
News 10 May 2023
Dragos discloses blocked ransomware attack, extortion attempt

Dragos Inc. published a blog post that outlined a likely ransomware attack it stopped this week, though a threat actor obtained 'general use data' for new hires. Continue Reading

01 Aug 2019

New tech steers identity and access management evolution

Continue Reading
Opinion 01 Aug 2019

Is your identity management up to the task?

IAM is an organization's best defense for its weakest link, end users. Make sure you're following the right framework and keeping your tools honed and ready for battle. Continue Reading
01 Aug 2019

Is your identity management up to the task?

Continue Reading
E-Zine 01 Aug 2019

Managing identity and access well unlocks strong security

Continue Reading
Tip 25 Jul 2019

How to limit the cloud security blast radius of credential attacks

Explore how the security blast radius concept, which has admins evaluating how to assess and limit the damage of a threat, can be applied to cloud identity and access management. Continue Reading
News 24 Jul 2019

Citrix breach blamed on poor password security

An investigation revealed the password spraying attack that gave malicious actors access to Citrix systems resulted in only some business documents being stolen. Continue Reading
Opinion 24 Jul 2019

What's the difference between a password and a PIN?

A question I've always had but was too afraid to ask when I first learned about passwordless experiences. Continue Reading
Opinion 23 Jul 2019

A look at MobileIron’s zero sign-on and passwordless authentication plans

MobileIron’s “zero sign-on” tech uses phones to authenticate when accessing SaaS apps from unmanaged devices. Continue Reading
News 19 Jul 2019

Enzoic for Active Directory brings continuous password protection

Updates to Enzoic for Active Directory include NIST-compliant Continuous Password Protection, checking passwords against a live database of common or vulnerable passwords. Continue Reading
News 19 Jul 2019

CyberArk brings updates to privileged access security offering

CyberArk introduces CyberArk Alero to its privileged access management product lineup, in addition to other endpoint management and cloud offering updates. Continue Reading
Tip 17 Jul 2019

The benefits of IAM can far outweigh the costs

Identity and access management is a critical piece of enterprise information security. But the benefits of IAM go beyond illuminating who -- and what -- might be using your network. Continue Reading
News 09 Jul 2019

OneLogin Desktop Pro for Windows reduces password load

By eliminating the need for remote workers to sign into Active Directory to access their network, OneLogin's Desktop Pro for Windows aims to make working remotely easier, according to the vendor. Continue Reading
News 08 Jul 2019

Ipsidy's Identity Portal uses biometrics for secure access

Identity Portal by Ipsidy uses biometric authorization methods to ensure secure account access, enable users to verify changes, protect customers from fraudulent phone calls, and more. Continue Reading
Tip 27 Jun 2019

Where does IMAP security fall short, and how can it be fixed?

Legacy email protocols like IMAP are prime targets for hackers. Fix IMAP security with better configuration, more encryption and multifactor authentication mandates. Continue Reading
Feature 27 Jun 2019

Words to go: Identity and access management security

IT pros must keep up to date with rapidly changing identity technology and access threats. Help protect IAM security by getting familiar with this list of foundation terms. Continue Reading
Tip 25 Jun 2019

What identity governance tools can do for your organization

Learn how to evaluate available security tools that manage the governance of your users' identity and access to company systems and data. Continue Reading
Feature 21 Jun 2019

Biometric authentication terms to know

Consumers are on board with biometric authentication, but enterprises aren't so sure. Here's a breakdown of the must-know terms for companies considering biometric authentication. Continue Reading
Opinion 20 Jun 2019

Despite recent vulnerabilities, you shouldn’t stop using hardware security keys like Yubikey

No solution is perfect, but these hardware security keys remain an awesome option in keeping accounts secure from attackers! Continue Reading
News 18 Jun 2019

Netskope announces enterprise application security platform

Netskope for Private Access is a cloud-based platform that secures private enterprise applications on public clouds and in on-premises data centers using zero-trust access. Continue Reading
News 17 Jun 2019

YubiKey FIPS recalled from government for reduced randomness

Yubico recalled YubiKey FIPS series devices after discovering an issue leading to reduced randomness in values generated by the keys, which are used by federal agencies. Continue Reading
Tip 07 Jun 2019

3 reasons privilege escalation in the cloud works

Statistics show that many cloud attacks are linked to credential and privilege misuse. Learn three ways threat actors are able to launch privilege escalation attacks in the cloud. Continue Reading
News 05 Jun 2019

Apple single sign-on option promises privacy for users

Apple is preparing its own single sign-on offering, called Sign In with Apple, which will focus on user privacy. But experts are split on how well this will work. Continue Reading
Answer 31 May 2019

Why are fewer companies using SMS 2FA for authentication?

Instead of SMS two-factor authentication, some companies are switching to 2FA through messaging apps and social media platforms. Learn what's behind this authentication trend. Continue Reading
News 17 May 2019

How Google turned 1.5 billion Android phones into 2FA keys

Google product manager Christiaan Brand discusses the journey to making 1.5 billion Android devices work as 2FA security keys and the plan for the future. Continue Reading
Answer 13 May 2019

How does an identity and access management framework work?

A comprehensive identity and access management framework is an IT necessity. But how do the two components work together? Continue Reading
Opinion 07 May 2019

We talk a lot about access and authentication, but what about revoking user access?

Google hopes to make it easier with their proposed Continuous Access Evaluation Protocol. Continue Reading
Feature 06 May 2019

5 common authentication factors to know

Multifactor authentication is a security system that requires two or more authentication steps to verify the user's identity. Discover the most important terms related to MFA. Continue Reading
Tip 18 Apr 2019

Identity and access management trends show new access roles

Identity and access management trends reflect a changing cybersecurity landscape. Learn how IAM is changing and what you should do before buying an IAM tool. Continue Reading
Answer 25 Mar 2019

How concerned should I be about a padding oracle attack?

Padding oracle attacks have long been well-known and well-understood. Find out how they work and why using modern encryption protocols can reduce the risks. Continue Reading
News 22 Mar 2019

Study reveals sale of SSL/TLS certificates on dark web

Security researchers discovered the availability of SSL/TLS certificates for sale on the dark web, which allow cybercriminals to disguise their malicious activity as legitimate. Continue Reading
News 13 Mar 2019

Citrix data breach report raises more questions

Citrix disclosed a potential data breach blamed on poor password security, but a lack of details about the attack leaves only unconfirmed claims from a single cybersecurity firm. Continue Reading
News 07 Mar 2019

Cryptography techniques must keep pace with threats, experts warn

Cryptographers at RSAC 2019 discussed personal data protection laws and challenges, future threats and the pressure for tech companies to work with law enforcement on decryption. Continue Reading
Answer 19 Feb 2019

How did Signal Desktop expose plaintext passwords?

The Signal Desktop application was found to be making decryption keys available in plaintext. Learn how the SQLite database and plaintext passwords were put at risk. Continue Reading
Feature 18 Feb 2019

Explore multifactor authentication products in-depth

Discover some of the best multifactor authentication products currently on the market based on target industry and main features to help you make a final buying decision. Continue Reading
News 15 Feb 2019

Ponemon study: Poor password practices remain rampant

More than two-thirds of employees share passwords with colleagues, research reveals. Experts sound off on what's fueling poor password practices and how to solve the problem. Continue Reading
Opinion 11 Feb 2019

Idaptive officially launches their “Next-Gen Access Cloud” IDaaS platform

Next-Gen Access Cloud has a new architecture, and Idaptive will continue to expand its machine learning capabilities. Continue Reading
News 08 Feb 2019

Defense Department eyes behavioral biometrics with new contract

The Department of Defense awards a $2.4 million contract to Twosense.AI in order to create a behavioral biometrics system that can replace the current ID card system. Continue Reading
Podcast 08 Feb 2019

Risk & Repeat: Apple restores enterprise certificates for Facebook, Google

This week's Risk & Repeat podcast looks at Apple's decision to temporarily revoke Facebook's and Google's enterprise certificates following reports of questionable app activity. Continue Reading
News 07 Feb 2019

Gartner: Expanding SOC capabilities a priority for enterprises

Reinvesting in SOCs and crafting clear risk appetite statements made the list of Gartner's top security and risk management trends. Experts sound off on what's driving these trends. Continue Reading
News 06 Feb 2019

Google's Mark Risher: New types of 2FA are 'game changers'

Google's head of account security, Mark Risher, discusses the various types of 2FA and how new options of WebAuthn and U2F are going to be game changers for enterprise. Continue Reading
News 06 Feb 2019

Google's Mark Risher discusses 2FA adoption strategies

Although some types of two-factor authentication have been found to be vulnerable, Google's Mark Risher says 2FA adoption should be the baseline of security for all enterprises. Continue Reading
Feature 05 Feb 2019

Compare the top multifactor authentication vendors

What makes a multifactor authentication tool right for an enterprise? This article compares four of the leading multifactor authentication vendors and reviews their products. Continue Reading
Tip 28 Jan 2019

The evolution of the Let's Encrypt certificate authority

Certificate authorities work differently since the open source Let's Encrypt project went into effect. Expert Fernando Gont explains how both CAs and Let's Encrypt operate. Continue Reading
Feature 23 Jan 2019

Three examples of multifactor authentication use cases

When evaluating the business case for multifactor authentication, an organization must first identify how these three operational scenarios apply to a potential implementation. Continue Reading
Feature 23 Jan 2019

Purchasing multifactor authentication tools: What to consider

Find out what you need to know before investing in a multifactor authentication tool, including the drawbacks and the benefits. Continue Reading
Feature 18 Jan 2019

Exploring multifactor authentication benefits and technology

Take a look at multifactor authentication benefits and methods, as well as how the technologies have evolved from key fobs to smartphones, mobile devices and the cloud. Continue Reading
Tip 15 Jan 2019

Updating TLS? Use cryptographic entropy for more secure keys

Cryptographic entropy is necessary to secure session encryption keys in TLS 1.2, but RSA key transport is not supported in TLS 1.3. Discover the causes for concern with Judith Myerson. Continue Reading
Tip 11 Jan 2019

Key customer identity access management features to consider

Evaluating customer identity access management products is complicated but necessary. Learn what’s new and what you need most right now. Continue Reading
Tip 11 Jan 2019

CIAM vs. IAM: The key differences 'customer' makes

Find out everything you need to know about the nuances that differentiate customer IAM from traditional IAM so that you can implement the CIAM system at your organization. Continue Reading
Tip 17 Dec 2018

For effective customer IAM, bundle security and performance

CIAM can verify identity, manage access and deliver a smooth experience for customers. Get an expert's insights on how to tackle customer IAM now. Continue Reading
News 14 Dec 2018

Mozilla distrusts all Symantec certificates with Firefox 64 release

News roundup: Mozilla finally removes trust for Symantec certificates with Firefox 64. Plus, Supermicro's investigation challenges Bloomberg Businessweek's report, and more. Continue Reading
Feature 03 Dec 2018

IAM system strategy identifies metrics that work for business

Security professionals are using identity and access management systems to track metrics on password resets, onboarding and offboarding, and employee retention and customer service. Continue Reading
03 Dec 2018

IAM system strategy identifies metrics that work for business

Continue Reading
Podcast 30 Nov 2018

Risk & Repeat: DeepMasterPrints spells trouble for biometrics

This week's Risk & Repeat podcast looks at the future of biometric authentication after researchers unveiled a new approach that uses neural networks to bypass fingerprint scanners. Continue Reading
News 21 Nov 2018

DeepMasterPrints fake fingerprints can fool fingerprint sensors

Researchers have developed AI-generated synthetic fingerprints -- known as DeepMasterPrints -- that can spoof biometric scanners and potentially be used to launch practical attacks. Continue Reading
Podcast 20 Nov 2018

Risk & Repeat: Who's to blame for bad passwords?

This week's Risk & Repeat podcast discusses whether users are responsible for creating and reusing weak passwords or if the technology systems themselves are to blame. Continue Reading
Answer 05 Nov 2018

How can U2F authentication end phishing attacks?

By requiring employees to use U2F authentication and physical security keys, Google eliminated phishing attacks. Learn how the combination works from expert Michael Cobb. Continue Reading
Tip 30 Oct 2018

Enterprises should reconsider SMS-based 2FA use after breach

A Reddit breach was triggered by threat actors intercepting SMS messages used to authenticate employees to access sensitive data. Learn why enterprises should reconsider SMS for 2FA. Continue Reading
Tip 17 Oct 2018

How to monitor AWS credentials with the new Trailblazer tool

A security researcher introduced a tool called Trailblazer, which aims to simplify monitoring AWS credentials. Expert Dave Shackleford explains how it can bolster cloud security. Continue Reading
Answer 11 Oct 2018

How did Netflix phishing attacks use legitimate TLS certificates?

Hackers can imitate the design and domain name of popular sites like Netflix to steal credentials. Expert Michael Cobb explains how these Netflix phishing attacks work. Continue Reading
Podcast 08 Oct 2018

Risk & Repeat: Inside the Facebook 2FA fail

This week's Risk & Repeat podcast discusses the latest controversy for Facebook, which has been using two-factor authentication numbers for advertising purposes. Continue Reading
News 03 Oct 2018

DigiCert, Gemalto and ISARA to provide quantum-proof certificates

Quantum computing threats are on the horizon, but DigiCert, Gemalto and ISARA have teamed up to develop new quantum-proof digital certificates and remake the PKI industry. Continue Reading
News 27 Sep 2018

Microsoft wants to eliminate passwords -- and there's an app for that

At its Ignite 2018 conference, Microsoft declared an end to the password era and extended support for its Microsoft Authenticator app to Azure AD-connected apps. Continue Reading
Answer 21 Sep 2018

PulseNet: How do improper authentication flaws affect it?

GE reported an improper authentication flaw in its PulseNet network management software for critical infrastructures. Discover how this flaw works with Judith Myerson. Continue Reading
Tip 11 Sep 2018

What about enterprise identity management for 'non-users'?

Identity and access management for service, machine and application accounts is as important as it is for individuals, so be sure your IAM strategy considers so-called non-users. Continue Reading
Answer 07 Sep 2018

How does a WDC vulnerability put hardcoded passwords at risk?

Several vulnerabilities were found in Western Digital's My Cloud, including one that affects the default hardcoded password. Learn how to avoid such risks with expert Nick Lewis. Continue Reading
Tip 05 Sep 2018

How Azure AD uses cloud access control to protect credentials

Features such as Microsoft Azure AD Smart Lockout and Password Protection add security via trusted authentication. Learn more about cloud access control from expert Ed Moyle. Continue Reading
Feature 24 Aug 2018

Weighing privileged identity management tools' pros and cons

Products that help security pros manage access privileges are essential to IT security. Learn how to evaluate market offerings and acquire the best for your company. Continue Reading
Answer 21 Aug 2018

LG network: How can attackers use preauthenticated commands?

A vulnerability was found in the LG network involving remote preauthenticated commands. Learn how researchers created a malicious password to show how it issue can be abused. Continue Reading
Feature 16 Aug 2018

OneLogin security chief delivers new security model

How did cloud identity and access management vendor OneLogin rebuild its security after a breach? We ask OneLogin security chief Justin Calmus. Continue Reading
Opinion 15 Aug 2018

With Pwned Passwords API, annoying password policies can finally go away

Update password policies at your company by following the 2017 NIST regulations—improving user experience drastically, and the Pwned Passwords API can help. Continue Reading
Feature 13 Aug 2018

10 unified access management questions for OneLogin CSO Justin Calmus

Enterprise security veteran Justin Calmus, who describes himself as an avid hacker, joined OneLogin as the CSO earlier this year. After last year's breach, who would want this job? Continue Reading
Guide 09 Aug 2018

Advances in access governance strategy and technology

Recent advances in IAM policy, strategy and technology are raising companies' ability authenticate identities and manage access to their systems and data. Continue Reading
News 03 Aug 2018

Reddit breach sparks debate over SMS 2FA

Using two-factor authentication with one-time passwords sent via SMS has come under question again after a Reddit breach was blamed on the faulty 2FA method. Continue Reading
News 24 Jul 2018

Physical security keys eliminate phishing at Google

Successful phishing attempts have been eliminated among Google employees following a requirement to use physical security keys in order to gain access to all Google accounts. Continue Reading
News 20 Jul 2018

Cloud misconfigurations can be caused by too many admins

Cloud misconfigurations have reached a point where sensitive data can't be protected with manual control, says BetterCloud's David Politis. And part of the issue is too many admins. Continue Reading
News 20 Jul 2018

Microsoft launches Identity Bounty Program, offers up to $100,000

Microsoft introduced its new Identity Bounty Program that offers up to $100,000 in rewards for reported vulnerabilities in its identity services, such as Azure Active Directory. Continue Reading
News 20 Jul 2018

As AI identity management takes shape, are enterprises ready?

Experts at the Identiverse 2018 conference discussed how artificial intelligence and machine learning are poised to reshape the identity and access management market. Continue Reading
Feature 19 Jul 2018

Security in Network Functions Virtualization

In this excerpt of chapter 4 of Security in Network Functions Virtualization, authors Zonghua Zhang and Ahmed Meddahi discuss Identity and Access Management in NFV. Continue Reading
Tip 11 Jul 2018

The threat of shadow admins in the cloud to enterprises

Having shadow admins in the cloud means unauthorized users can access everything a legitimate administrator can. Expert Ed Moyle explains how this works and how to stop it. Continue Reading
Podcast 06 Jul 2018

Risk & Repeat: Is AI-driven identity management the future?

In this week's Risk & Repeat podcast, SearchSecurity editors discuss Identiverse 2018 and how artificial intelligence is being applied to identity and access management. Continue Reading
Tip 03 Jul 2018

Why a zero-trust network with authentication is essential

Zero-trust networks are often deemed compromised and untrusted, making authentication variables essential to security. Expert Matthew Pascucci explains a zero-trust security model. Continue Reading
Opinion 02 Jul 2018

Yubikey is hot in the security space, so we tested the consumer experience

How easy is it to use Yubikey and would I recommend it? Continue Reading
News 29 Jun 2018

GlobalSign, Comodo launch competing IoT security platforms

Rival certificate authorities GlobalSign and Comodo CA have strengthened their presence in the IoT security market with new platforms for connected devices. Continue Reading
News 26 Jun 2018

Ping adds AI-driven API protection with Elastic Beam acquisition

Ping Identity increased its focus on API security with the acquisition of Elastic Beam, a startup that uses artificial intelligence to apply behavioral security on enterprise APIs. Continue Reading
Answer 07 Jun 2018

How does a SAML vulnerability affect single sign-on systems?

Researchers at Duo Security discovered a SAML vulnerability that enabled attackers to dupe single sign-on systems. Expert Michael Cobb explains how the exploit works. Continue Reading
Tip 01 May 2018

How the BloodHound tool can improve Active Directory security

Auditing Active Directory can be made easier with tools like the open source BloodHound tool. Expert Joe Granneman looks at the different functions of the tool and how it can help. Continue Reading
News 27 Apr 2018

Sexy, but stupid: Biometrics security requires balancing risks

When it comes to biometrics, security coexists with stupidity, unless implementers take the time to understand the limits, according to Adam Englander at RSAC 2018. Continue Reading
News 24 Apr 2018

Akamai touts network perimeter security shifts, zero-trust model

As network perimeter security grows less practical, Akamai talks at RSA Conference about moving beyond firewalls to improve authentication with a zero-trust model. Continue Reading
News 16 Apr 2018

SSH announces new key and certificate management service

A new key and certificate management service is now offered by SSH, which teamed up with AppViewX to provide a way to administer cryptographic keys and digital certificates. Continue Reading
Answer 12 Apr 2018

Will biometric authentication systems replace passwords?

Biometric authentication systems have gained traction on mobile devices, but when will they become dominant within the enterprise? Expert Bianca Lopes weighs in on the topic. Continue Reading
Tip 11 Apr 2018

How TLS mutual authentication for cloud APIs bolsters security

Secure access to cloud APIs is necessary but challenging. One viable option to combat that is TLS mutual authentication, according to expert Ed Moyle. Continue Reading
News 10 Apr 2018

WebAuthn API gets standards nod from W3C, FIDO Alliance

W3C and the FIDO Alliance have given websites a new tool for doing FIDO-compliant authentication, as the WebAuthn authentication protocol is promoted to W3C Candidate Recommendation. Continue Reading
Podcast 07 Mar 2018

Risk & Repeat: Trustico certificate drama a cause for concern

In this week's Risk & Repeat podcast, SearchSecurity editors discuss how a controversial move by reseller Trustico led to 23,000 Symantec SSL certificates being revoked. Continue Reading
News 02 Mar 2018

23,000 Symantec certificates revoked following leak of private keys

DigiCert revoked 23,000 Symantec SSL certificates amid a public spat between the company and former reseller partner Trustico, which claimed the certificates were 'compromised.' Continue Reading
Answer 28 Feb 2018

Single sign-on best practices: How can enterprises get SSO right?

Proper planning is at the top of the list for single sign-on best practices, but it's important to get enterprise SSO implementations off to a good start. Here's how to do it. Continue Reading
News 27 Feb 2018

New SAML vulnerability enables abuse of single sign-on

Duo Security discovered a new SAML flaw affecting several single sign-on vendors that allows attackers to fool SSO systems and log in as other users without their passwords. Continue Reading
Blog Post 23 Feb 2018

Facebook's 2FA bug lands social media giant in hot water

Facebook came under fire after a two-factor authentication bug sent non-security notifications to users' phones, sparking a debate about media coverage and 2FA adoption. Continue Reading
Blog Post 08 Feb 2018

Symantec's untrusted certificates: How many are still in use?

A security researcher found that a significant number of popular websites are still using untrusted certificates from Symantec, which will be invalidated this year. Continue Reading
Tip 01 Feb 2018

Bypassing facial recognition: The means, motive and opportunity

Researchers bypassed Apple's facial recognition authentication program, Face ID, in under a week. Expert Michael Cobb explains why it's not a major cause for concern for users. Continue Reading

1
2
3
4
5

Networking

Cisco releases plans for Networking Cloud
Cisco's introduction of Networking Cloud lacked technical details and delivery dates for the high-level console for accessing all...
Google interconnects with rival cloud providers
Video platform provider Pexip said Google's Cross-Cloud Interconnect reduced the cost of connecting Google Cloud with Microsoft ...
How to interact with network APIs using cURL, Postman tools
Network engineers can use cURL and Postman tools to work with network APIs. Use cases include getting interface information and ...

CIO

U.S.-China relations hinge on shifting reactionary mindset
Rep. Andy Kim said the U.S. needs to become more proactive in its relationship with China amid growing tensions between the two ...
9 benefits of cryptocurrency in business
Businesses adopting cryptocurrency can potentially improve their financial liquidity, attract new customers, ensure transaction ...
Experts doubt U.S. retaliation following China's Micron ban
The Biden administration likely won't retaliate for China's Micron Technology ban but will continue to play the long game ...

Enterprise Desktop

Apple’s M2 Ultra targets Mac Pro users with a need for speed
Apple debuted it fastest chip to date, the M2 Ultra, featuring new technologies to improve speed and performance. The company ...
How to build a plan for PC and desktop lifecycle management
Comprehensive device-as-a-service plans and full in-house management are two options for desktop lifecycles, but there are plenty...
Best practices for a PC end-of-life policy
Organizations that deploy PCs need a strong and clear policy to handle hardware maintenance, end of life decisions, sustainable ...

Cloud Computing

Cloud experts weigh in on the state of FinOps
Surprised by your cloud bill? Experts weigh in on the rising popularity of FinOps, the art of building a FinOps strategy and the ...
Dell Apex updates support enterprise 'cloud to ground' moves
Dell's latest Apex updates puts the company in a position to capitalize on the hybrid, multi-cloud and edge computing needs of ...
Prepare for the Azure Security Engineer Associate certification
Are you ready to boost your resume or further your cloud career path? Review this preparation guide to get ready for Exam AZ-500 ...

ComputerWeekly.com

Keeping your culture as the business scales
Three guiding principles will help businesses stay true to their roots as they grow and change
UKtech50 2023: The most influential people in UK technology
Computer Weekly has announced the 13th annual UKtech50 – our definitive list of the movers and shakers in the UK tech sector
UKtech50 2023 winner: Michelle Donelan/Chloe Smith, secretary of state, DSIT
Computer Weekly looks at the achievements and successes of the Department for Science, Innovation and Technology, as its ...

Close