Identity and access management
Identity is often considered the perimeter in infosec, especially as traditional enterprise perimeters dissolve. Identity and access management is critical to maintain data security. From passwords to multifactor authentication, SSO to biometrics, get the latest advice on IAM here.
Top Stories
-
News
03 Oct 2024
Microsoft SFI progress report elicits cautious optimism
Infosec experts say the Secure Future Initiative progress report shows Microsoft has made important changes to its policies, practices and accountability structures. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Podcast
30 Sep 2024
Risk & Repeat: Inside the Microsoft SFI progress report
The first Secure Future Initiative progress report highlighted improvements to Microsoft's security posture. But the company still faces major SecOps challenges. Continue Reading
By- Rob Wright, Senior News Director
-
Definition
16 Feb 2023
E-Sign Act (Electronic Signatures in Global and National Commerce Act)
The E-Sign Act (Electronic Signatures in Global and National Commerce Act) is a U.S. federal law that specifies that, in the United States, the use of an electronic signature (e-signature) is as legally valid as a traditional signature written in ink on paper. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
-
Tip
16 Feb 2023
Web 3.0 security risks: What you need to know
Elements of the third version of the web are coming to fruition. But Web 3.0 also comes with new cybersecurity, financial and privacy threats besides the familiar risks of Web 2.0. Continue Reading
By- Jessica Groopman, Kaleido Insights
-
Definition
13 Feb 2023
passwordless authentication
Passwordless authentication is signing into a service without using a password. Continue Reading
By- Gavin Wright
- Alexander S. Gillis, Technical Writer and Editor
-
Definition
08 Feb 2023
reverse brute-force attack
A reverse brute-force attack is a type of brute-force attack in which an attacker uses a common password against multiple usernames in an attempt to gain access to a network. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
-
Opinion
03 Feb 2023
4 identity predictions for 2023
Identity's place in the attack chain is driving the shift of identity responsibility from IT operations to security to look into passwordless, digital IDs, platforms and more. Continue Reading
By- Jack Poller
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
Definition
03 Feb 2023
WebAuthn API
The Web Authentication API (WebAuthn API) is a credential management application program interface (API) that lets web applications authenticate users without storing their passwords on servers. Continue Reading
-
Podcast
24 Jan 2023
Risk & Repeat: Another T-Mobile data breach disclosed
This podcast episode discusses the latest T-Mobile breach -- the third in less than three years -- in which a threat actor stole personal data from 37 million customer accounts. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
24 Jan 2023
Customer data, encryption key stolen in GoTo breach
GoTo's breach update follows the recent disclosure made by GoTo subsidiary LastPass, which similarly lost significant sensitive customer data in a breach last year. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
23 Jan 2023
Experts applaud expansion of Apple's E2E encryption
Amidst growing privacy concerns and data breach threats, Apple launched Advanced Data Protection for U.S. customers last month to secure almost all data stored in iCloud. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
20 Jan 2023
anonymous FTP (File Transfer Protocol)
Anonymous File Transfer Protocol (FTP) is a method for allowing users to access public files from a remote server or archive site without requiring them to identify themselves to the server or site. Continue Reading
By -
Opinion
20 Jan 2023
6 cybersecurity buzzwords to know in 2023
Enterprise Strategy Group research indicates many organizations will increase cybersecurity spending in 2023, and with that comes an evolving set of vendor buzzwords to sort out. Continue Reading
By- Jon Oltsik, Analyst Emeritus
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
Podcast
20 Jan 2023
Risk & Repeat: Breaking down the LastPass breach
This podcast episode discusses the fallout of the recent LastPass breach, in which a threat actor stole encrypted logins and unencrypted website URLs from the password manager. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
18 Jan 2023
LastPass faces mounting criticism over recent breach
LastPass disclosed a breach last month in which a threat actor stole personal customer information, including billing addresses and encrypted website login details. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
05 Jan 2023
Windows security tips for the enterprise
Securing a Windows environment is no easy feat. Read up on low-hanging fruit to quickly address, as well as top tips from two security practitioners to get started. Continue Reading
By- Kyle Johnson, Technology Editor
-
Definition
29 Dec 2022
credential theft
Credential theft is a type of cybercrime that involves stealing a victim's proof of identity. Continue Reading
-
Definition
29 Dec 2022
self-sovereign identity
Self-sovereign identity (SSI) is a model for managing digital identities in which individuals or businesses have sole ownership over the ability to control their accounts and personal data. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
-
Definition
29 Dec 2022
continuous authentication
Continuous authentication is a method of verification aimed at providing identity confirmation and cybersecurity protection on an ongoing basis. Continue Reading
-
Definition
28 Dec 2022
privilege creep
Privilege creep is the gradual accumulation of access rights beyond what individuals need to do their job. Continue Reading
-
Podcast
21 Dec 2022
Risk & Repeat: OT security progress, threats in 2022
This Risk & Repeat podcast episode discusses the current state of OT security, including the convergence with IT environments and an ever-evolving threat landscape. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
20 Dec 2022
What enumeration attacks are and how to prevent them
Web applications may be vulnerable to user enumeration attacks. Learn how these brute-forcing attacks work and how to prevent them. Continue Reading
By- Ravi Das, RaviDas.Tech Inc.
-
News
19 Dec 2022
The state of OT security: A rapidly evolving landscape
Security experts weigh in on how the OT security landscape has evolved over the last decade, and where it could be going next as threats continue to mount. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
19 Dec 2022
11 cybersecurity predictions for 2023
Analysts and experts have looked into their crystal balls and made their cybersecurity predictions for 2023. Is your organization prepared if these predictions come true? Continue Reading
By- Kyle Johnson, Technology Editor
-
News
15 Dec 2022
Google drops TrustCor certificates as questions loom
Google joined Mozilla and Microsoft in removing support for TrustCor Systems certificates following a Washington Post report on TrustCor's connections to spyware vendors. Continue Reading
By- Rob Wright, Senior News Director
-
Definition
14 Dec 2022
e-ticket (electronic ticket)
An e-ticket (electronic ticket) is a paperless electronic document used for ticketing purposes, such as airfare or concert admission. Continue Reading
-
Tip
13 Dec 2022
What are the differences between su and sudo commands?
Linux administrators have choices when deciding how to delegate privileges. Learn about the options they can take while ensuring their operations remain secure. Continue Reading
By- Damon Garn, Cogspinner Coaction
-
Tip
06 Dec 2022
How to implement least privilege access in the cloud
More organizations are moving their resources to the cloud but are not paying attention to how cloud access privileges are allocated. Learn how to limit access in the cloud. Continue Reading
By- Dave Shackleford, Voodoo Security
-
Tutorial
06 Dec 2022
How to use the Hydra password-cracking tool
Need help brute-forcing passwords? Get started by learning how to use the open source Hydra tool with these step-by-step instructions and companion video. Continue Reading
By- Ed Moyle, Drake Software
-
News
22 Nov 2022
Google's new YARA rules fight malicious Cobalt Strike use
Google's YARA rules detect cracked versions of Cobalt Strike's older releases so that legitimate instances of the red teaming tool, which use the latest version, aren't targeted. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
17 Nov 2022
CISA: Iranian APT actors compromised federal network
CISA said Iranian nation-state actors exploited Log4Shell flaws on an unpatched VMware Horizon server before deploying a cryptominer and attempting to gain persistent access. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
15 Nov 2022
Twitter users experience apparent SMS 2FA disruption
The 2FA notification disruption occurred after CEO Elon Musk announced plans to shutter a majority of Twitter's microservices, though reasons for the outage are unconfirmed. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
14 Nov 2022
time-based one-time password
A time-based one-time password (TOTP) is a temporary passcode generated by an algorithm that uses the current time of day as one of its authentication factors. Continue Reading
By -
Feature
08 Nov 2022
5 ways to overcome multifactor authentication vulnerabilities
Improve the resiliency of multifactor authentication by giving users more information, making default settings more secure, hiding secrets and more. Continue Reading
By- Kyle Johnson, Technology Editor
-
Tip
26 Oct 2022
Why it's time to expire mandatory password expiration policies
Password expiration policies that force users to regularly reset passwords are counterproductive. It's time to align those policies with proven approaches to password security. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
Tip
24 Oct 2022
6 ways to prevent privilege escalation attacks
Privileges dictate the access a user or device gets on a network. Hackers who access these privileges can create tremendous damage. But there are ways to keep your networks safe. Continue Reading
By -
Definition
21 Oct 2022
command-and-control server (C&C server)
A command-and-control server (C&C server) is a computer that issues directives to digital devices that have been infected with rootkits or other types of malware, such as ransomware. Continue Reading
By- Kinza Yasar, Technical Writer
-
Definition
20 Oct 2022
What is the zero-trust security model?
The zero-trust security model is a cybersecurity approach that denies access to an enterprise's digital resources by default and grants authenticated users and devices tailored, siloed access to only the applications, data, services and systems they need to do their jobs. Continue Reading
By- Alissa Irei, Senior Site Editor
- Sharon Shea, Executive Editor
-
Definition
20 Oct 2022
RAT (remote access Trojan)
A RAT (remote access Trojan) is malware an attacker uses to gain full administrative privileges and remote control of a target computer. Continue Reading
By- Kinza Yasar, Technical Writer
-
Definition
18 Oct 2022
full-disk encryption (FDE)
Full-disk encryption (FDE) is a security method for protecting sensitive data at the hardware level by encrypting all data on a disk drive. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
-
Definition
17 Oct 2022
default password
A default password is a standard preconfigured password for a device or software. Continue Reading
-
Feature
14 Oct 2022
How Jamf zero trust can improve Apple device security
Jamf is supporting zero trust with new features across its suite of Mac management software. The proliferation of remote work has made this security model more important. Continue Reading
By- John Powers, Senior Site Editor
-
Tip
12 Oct 2022
An overview of the CISA Zero Trust Maturity Model
A zero-trust framework blocks all attempts to access internal infrastructure without authentication. The CISA Zero Trust Maturity Model is a roadmap to get there. Continue Reading
By -
Tip
07 Oct 2022
Perimeter security vs. zero trust: It's time to make the move
Perimeter security requires a border to protect enterprise data. With more and more users working outside that border, zero trust promises a better security option for the future. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
Definition
29 Sep 2022
software-defined perimeter (SDP)
A software-defined perimeter, or SDP, is a security technique that controls access to resources based on identity and forms a virtual boundary around networked resources. Continue Reading
By- Sharon Shea, Executive Editor
-
Opinion
29 Sep 2022
Multifactor authentication isn't perfect, passwordless is better
Passwords are frequently the root cause of breaches, and multifactor authentication only provides a stopgap for account protection. It's time to adopt a passwordless strategy. Continue Reading
By- Jack Poller
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
Tip
28 Sep 2022
Why zero trust requires microsegmentation
Microsegmentation is a key security technique that enables organizations to achieve a zero-trust model and helps ensure the security of workloads regardless of where they are located. Continue Reading
By- Andrew Froehlich, West Gate Networks
- Sharon Shea, Executive Editor
-
News
21 Sep 2022
Cybercriminals launching more MFA bypass attacks
New research from Okta shows that cybercrime groups have stepped up their attacks on multifactor authentication systems in an effort to thwart account security measures. Continue Reading
-
News
19 Sep 2022
Rockstar Games confirms hack after 'Grand Theft Auto' leak
A threat actor this weekend published in-development footage from a forthcoming 'Grand Theft Auto' video game and claimed to have breached its publisher, Rockstar Games. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
16 Sep 2022
Uber responds to possible breach following hacker taunts
Security researchers spotted suspicious activity on Uber's HackerOne page when the alleged hacker posted messages claiming they had compromised the ride-share company's network. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
14 Sep 2022
Consumer data needs better protection by government
Though legislation is before Congress that would address data privacy, it may not set clear enough guidelines or give individuals enough control. Continue Reading
By- Eric Avidon, Senior News Writer
-
News
14 Sep 2022
Data privacy concerns grow as legislation lags
While healthcare and financial data are protected by federal legislation, individuals have little control over how consumer data is collected and used. Continue Reading
By- Eric Avidon, Senior News Writer
-
News
13 Sep 2022
Secureworks reveals Azure Active Directory flaws
Secureworks published details of what it claims are significant security flaws in Azure's authentication system, but Microsoft has dismissed them as non-issues. Continue Reading
-
News
01 Sep 2022
Researcher unveils smart lock hack for fingerprint theft
An academic researcher demonstrated how IoT smart locks could become tools for attackers to covertly steal fingerprints and potentially access more sensitive personal data. Continue Reading
-
Tip
01 Sep 2022
Cybersecurity budget breakdown and best practices
Once budget is secured, CISOs must figure out where it should be allocated -- as well as how to justify the costs. Get the lowdown on a cybersecurity budget breakdown here. Continue Reading
By- Ashwin Krishnan, StandOutin90Sec
-
Tutorial
30 Aug 2022
Learn to monitor group memberships with PowerShell
Use PowerShell automation to build reports in local group memberships on a server and security groups in Active Directory to keep tabs on any irregular behavior. Continue Reading
-
Tip
18 Aug 2022
What is identity sprawl and how can it be managed?
With identity-based attacks on the rise, organizations need to prioritize identity management. Learn about identity sprawl, why it's a risk and how it can be managed. Continue Reading
By -
Definition
15 Aug 2022
tailgating (piggybacking)
Tailgating, sometimes referred to as piggybacking, is a type of physical security breach in which an unauthorized person follows an authorized individual to enter secured premises. Continue Reading
By -
Definition
12 Aug 2022
segregation of duties (SoD)
Segregation of duties (SoD) is an internal control designed to prevent error and fraud by ensuring that at least two individuals are responsible for the separate parts of any task. Continue Reading
By -
Opinion
11 Aug 2022
Why 2023 is the year of passwordless authentication
Passwords may soon be relegated to the past thanks to IAM vendors' efforts to create passwordless login options. Here's why 2023 should be the year of passwordless authentication. Continue Reading
By -
Feature
11 Aug 2022
What is data security? The ultimate guide
Dig into the essentials of data security, from must-have tools, technologies and processes to best practices for keeping data safe. Continue Reading
By- Sharon Shea, Executive Editor
- Alissa Irei, Senior Site Editor
-
News
10 Aug 2022
Ermetic addresses IAM weaknesses in multi-cloud environments
Researchers at the cloud security vendor discussed the importance of understanding the different identity and access management features among the major cloud providers. Continue Reading
By- Arielle Waldman, News Writer
-
Feature
08 Aug 2022
Passkey vs. password: What is the difference?
Companies are turning to passkeys as a secure login for consumers. Passkeys make it more difficult for thieves to steal information, and they are also more convenient for users. Continue Reading
By- Amanda Hetler, Senior Editor
-
News
03 Aug 2022
Amazon CSO Steve Schmidt preaches fungible resources, MFA
In a Q&A with SearchSecurity, Amazon CSO Steve Schmidt discusses his time as head of AWS security and shifts the cloud provider made to improve its posture, as well as customers'. Continue Reading
By- Rob Wright, Senior News Director
- Arielle Waldman, News Writer
-
News
03 Aug 2022
Thoma Bravo to acquire Ping Identity for $2.8B
Thoma Bravo's bid is expected to close in the fourth quarter of 2022. Ping Identity's purchase price represents a 63% premium over the vendor's closing price Tuesday. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
28 Jul 2022
random numbers
As the term suggests, a random number is a number chosen by chance -- i.e., randomly, from a set of numbers. Continue Reading
By -
Tip
27 Jul 2022
SSH2 vs. SSH1 and why SSH versions still matter
The Secure Shell protocol, SSH, was redesigned and released as SSH2 in 2006. While SSH1 lingers for legacy uses, find out how the protocols differ and why it's important. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
- Mike Chapple, University of Notre Dame
-
Definition
27 Jul 2022
data breach
A data breach is a cyber attack in which sensitive, confidential or otherwise protected data has been accessed or disclosed in an unauthorized fashion. Continue Reading
By- Andrew Froehlich, West Gate Networks
- Katie Terrell Hanna
- Kevin Ferguson
-
News
26 Jul 2022
AWS issues MFA call to action at re:Inforce 2022
To reduce growing attack surfaces in the cloud, AWS executives emphasized the importance of implementing MFA to protect accounts and blocking public access to cloud resources. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
22 Jul 2022
Top 10 enterprise data security best practices
To protect your organization's data and prevent its misuse, incorporate these 10 data security best practices into your enterprise data security strategy. Continue Reading
By- Charles Kolodgy, Security Mindsets
-
Feature
08 Jul 2022
Top 7 types of data security technology
These seven types of data security technologies -- from encryption to masking -- will better protect customer and enterprise data from inappropriate and unauthorized access and use. Continue Reading
By- Kyle Johnson, Technology Editor
-
News
23 Jun 2022
Access management issues may create security holes
Employees who aren't credentialed to access corporate systems to do their jobs find ways around the red tape that could lead to security breaches. Continue Reading
-
Definition
17 Jun 2022
X.509 certificate
An X.509 certificate is a digital certificate that uses the widely accepted international X.509 public key infrastructure (PKI) standard to verify that a public key belongs to the user, computer or service identity contained within the certificate. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
- Sharon Shea, Executive Editor
-
News
15 Jun 2022
Microsoft takes months to fix critical Azure Synapse bug
Orca Security discovered that inadequate tenant separation in Microsoft's Azure Synapse service could allow a threat actor to steal credentials from thousands of customers. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
13 Jun 2022
acceptable use policy (AUP)
An acceptable use policy (AUP) is a document stipulating constraints and practices that a user must agree to for access to a corporate network, the internet or other resources. Continue Reading
By -
Feature
10 Jun 2022
3 types of PKI certificates and their use cases
Public key infrastructure helps authenticate senders via cryptography and digital certificates. Learn about three types of PKI certificates and their use cases. Continue Reading
By- Isabella Harford, TechTarget
-
Answer
09 Jun 2022
Are 14-character minimum-length passwords secure enough?
When it comes to minimum password length, 14-character passwords are generally considered secure, but they may not be enough to keep your enterprise safe. Continue Reading
By- Sharon Shea, Executive Editor
- Randall Gamby, HP
-
News
08 Jun 2022
SANS lists bad backups, cloud abuse as top cyberthreats
A panel of experts from the SANS Institute took the stage at RSA Conference 2022 to weigh in on some of the biggest threats and risks facing security teams. Continue Reading
-
News
07 Jun 2022
Microsoft details zero-trust transition, challenges
Over the past three years, Microsoft has moved to a zero-trust framework. Security engineers outlined the transition and its challenges during a session at RSA Conference 2022. Continue Reading
By- Arielle Waldman, News Writer
-
Tutorial
02 Jun 2022
Improve Azure storage security with access control tutorial
These step-by-step guidelines detail how to grant limited access in Microsoft Azure storage. This best practice helps keep storage secure from internal and external threats. Continue Reading
By -
News
24 May 2022
MFA technology is rapidly evolving -- are mandates next?
The evolving landscapes of both the modern workplace and cyberthreats have paved the way for some organizations to require multifactor authentication protection. Will others join? Continue Reading
By- Peyton Doyle, News Editorial Assistant
-
Feature
20 May 2022
Apple, Microsoft, Google expand FIDO2 passwordless support
Achieving true passwordless experiences begins with companies working together to adopt standards that enable customers to use multiple devices seamlessly, regardless of OS. Continue Reading
By- Kyle Johnson, Technology Editor
-
News
19 May 2022
Small businesses under fire from password stealers
Kaspersky researchers tracked notable increases in password-stealing Trojans, RDP attacks and other cyberthreats against small businesses in various countries. Continue Reading
By- Peyton Doyle, News Editorial Assistant
-
Guest Post
17 May 2022
5 steps to ensure a successful access management strategy
Access management is top of mind for organizations, especially in the hybrid workspace. Follow these five steps to create an access management strategy that benefits all users. Continue Reading
By- Michael Kelley
-
News
28 Apr 2022
Lapsus$ targeting SharePoint, VPNs and virtual machines
From social engineering attacks to admin tools, a recent NCC Group report examined the tactics used by Lapsus$ to breach companies like Microsoft, Nvidia and Samsung. Continue Reading
By- Peyton Doyle, News Editorial Assistant
-
Definition
28 Apr 2022
man-in-the-middle attack (MitM)
A man-in-the-middle (MitM) attack is a type of cyber attack in which the attacker secretly intercepts and relays messages between two parties who believe they are communicating directly with each other. Continue Reading
By- Kinza Yasar, Technical Writer
- Michael Cobb
-
Feature
27 Apr 2022
Why companies should focus on preventing privilege escalation
If attackers can elevate privileges once inside a system, their access can be unlimited. Discover common privilege escalation techniques and how to mitigate them. Continue Reading
By- Kyle Johnson, Technology Editor
-
Definition
20 Apr 2022
WLAN Authentication and Privacy Infrastructure (WAPI)
WLAN Authentication and Privacy Infrastructure (WAPI) is a wireless local area network security standard officially supported by the Chinese government. Continue Reading
By -
News
18 Apr 2022
Stolen OAuth tokens lead to 'dozens' of breached GitHub repos
Stolen OAuth tokens issued to Heroku and Travis CI were used to download data from the private repositories of 'dozens of organizations,' including GitHub subsidiary npm. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
18 Apr 2022
built-in administrator account
In the Windows operating system, the built-in administrator account -- the first account created when the OS was installed -- has the highest permissions of any profile on the computer system. Continue Reading
By- Rahul Awati
- Toni Boger, TechTarget
-
News
14 Apr 2022
VMware Workspace One flaw actively exploited in the wild
Multiple threat intelligence providers have detected threat activity related to the VMware Workspace One flaw, including cryptocurrency mining activity. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tutorial
14 Apr 2022
Get started with Azure AD entitlement management automation
Identity governance tasks in Azure Active Directory can be overwhelming, but understanding how to use Microsoft Graph and PowerShell to work with these settings will help. Continue Reading
By- Liam Cleary, SharePlicity
-
Tip
07 Apr 2022
5 key elements of data tenancy
Data tenancy is a key piece of any data protection scheme and can be crafted around five building blocks to provide safe, secure data access to users. Continue Reading
-
Definition
07 Apr 2022
Open System Authentication (OSA)
Open System Authentication (OSA) is a process by which a computer could gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol. Continue Reading
By -
Feature
06 Apr 2022
How secure are one-time passwords from attacks?
Adding an additional authentication layer makes it harder for attackers to get into accounts, but not all authentication factors are equal -- especially when it comes to OTPs. Continue Reading
By- Kyle Johnson, Technology Editor
-
Definition
06 Apr 2022
AAA server (authentication, authorization and accounting)
An AAA server is a server program that handles user requests for access to computer resources and, for an enterprise, provides authentication, authorization and accounting (AAA) services. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
Feature
04 Apr 2022
How to implement OpenID Connect for single-page applications
The OpenID Connect authentication protocol can be used to secure a variety of applications. This excerpt teaches developers how it works with single-page applications. Continue Reading
By- Kyle Johnson, Technology Editor
- Manning Publications Co.
-
Feature
04 Apr 2022
How to use OpenID Connect for authentication
OpenID Connect has become a trusted protocol to connect with identity providers. Explore how to use it for IAM, common threats to be aware of and how to connect to multiple IdPs. Continue Reading
By- Kyle Johnson, Technology Editor
-
Definition
04 Apr 2022
Luhn algorithm (modulus 10)
The Luhn algorithm, also called modulus 10 or modulus 10 algorithm, is a simple mathematical formula used to validate a user's identification numbers. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
-
Definition
31 Mar 2022
authentication server
An authentication server is an application that facilitates the authentication of an entity that attempts to access a network. Continue Reading
-
News
22 Mar 2022
Lapsus$ hacking group hit authentication vendor Okta
Authentication vendor Okta is the latest tech giant to be named as a victim of the prolific Lapsus$ crew, through key details about the attack remain in dispute. Continue Reading
-
Definition
21 Mar 2022
mutual authentication
Mutual authentication, also called two-way authentication, is a process or technology in which both entities in a communications link authenticate each other. Continue Reading
By