Identity and access management

Identity is often considered the perimeter in infosec, especially as traditional enterprise perimeters dissolve. Identity and access management is critical to maintain data security. From passwords to multifactor authentication, SSO to biometrics, get the latest advice on IAM here.

Top Stories

News 16 May 2023
Coalition: Employee actions are driving cyber insurance claims

After analyzing cyber insurance claims data, Coalition determined that phishing escalated in 2022, ransomware dropped and timely patching remained a consistent problem. Continue Reading
News 10 May 2023
Dragos discloses blocked ransomware attack, extortion attempt

Dragos Inc. published a blog post that outlined a likely ransomware attack it stopped this week, though a threat actor obtained 'general use data' for new hires. Continue Reading

Answer 30 Jan 2014

Preventing plaintext password problems in Google Chrome

Plaintext passwords are risky business. Michael Cobb discusses what Google says about the Chrome password vulnerability and potential exploits. Continue Reading
Answer 07 Oct 2013

The value of 2,048-bit encryption: Why encryption key length matters

Leading browsers are required to use 2,048-bit length keys by the end of the year, but what effect does this have on security? Continue Reading
Feature 26 Nov 2012

Understanding IDaaS: The benefits and risks of Identity as a Service

Are identities safe in the cloud? Experts say enterprises must carefully weigh the risks vs. rewards of identity management as a service. Continue Reading
Answer 09 Nov 2011

OAuth 2.0: Pros and cons of using the federation protocol

Learn the advantages and disadvantages of using Open Authorization for Web application authentication. Continue Reading
Answer 06 Oct 2011

Insufficient authorization: Hardening Web application authorization

Insufficient authorization errors can lead to Web app compromises and data loss. Learn how to fix these authorization errors. Continue Reading
Tip 09 Nov 2010

User provisioning best practices: Access recertification

User access recertification is the process of continually auditing users' permissions to make sure they have access only to what they need. Implementing recertification, however, can be challenging. Get best practices on creating a recertification process in this tip from IAM expert Randall Gamby. Continue Reading
Answer 14 Jan 2010

Is it possible to crack the public key encryption algorithm?

Is it possible to create a PKI encryption key that is unbreakable? IAM expert Randall Gamby weighs in. Continue Reading
Tip 07 Jul 2009

Making the case for enterprise IAM centralized access control

Central access to multiple applications and systems can raise the level of security while getting rid of lots of red tape, so how do you go about creating central access management? In this tip, IAM expert David Griffeth explains the steps. Continue Reading
Tip 02 Mar 2009

From the gateway to the application: Effective access control strategies

Organizations need to strike a balance between so-called front-door access control and more fine grained controls established within an application itself. This article discusses the difference between products designed to set access at the gateway and complementary application-level controls. You'll learn how gateway-based access control works, the value in managing authorization in a centralized manner and the access control functions left for the application to perform. You'll also learn the role each variety of control plays in moving an organization toward single sign-on. Continue Reading
Tip 11 Nov 2008

ID and password authentication: Keeping data safe with management and policies

Learn how to improve authentication and avoid password hacking with management policies that enforce password expiration, length and complexity requirements. Continue Reading
Tip 28 Aug 2008

How to lay the foundation for role entitlement management

Role entitlement management is a daunting task, however, there are steps you can take to lay the foundation for a successful management process. In this tip, expert Rick Lawhorn details these seven steps. Continue Reading
Tip 24 Jul 2008

Key management challenges and best practices

Key management is essential to a successful encryption project. In this tip, expert Randy Nash explains the challenges financial organizations face when implementing key management and some of the best practices to overcome them. Continue Reading
Answer 20 Mar 2008

What is the purpose of RFID identification?

RFID identification can be used to keep track of everything from credit cards to livestock. But what security risks are involved? Continue Reading
Answer 04 Mar 2008

What techniques are being used to hack smart cards?

Hacked smart cards are a large potential threat to enterprises that utilize them. Learn how to thwart smart card hackers. Continue Reading
Answer 13 Jan 2008

What are the pros and cons of using stand-alone authentication that is not Active Directory-based?

Password managment tools other than Active Directory are available, though they may not be the best access control coordinators. Continue Reading
Answer 28 Nov 2007

How can root and administrator privileges of different systems be delegated on one account?

In this expert response, Joel Dubin discusses how corporations can manage "superuser" accounts by delegating root and administrator privileges. Continue Reading
Answer 01 Oct 2007

Choosing from the top PKI products and vendors

In this expert response, security pro Joel Dubin discusses the best ways to compare PKI products and vendors for enterprise implementation of PKI. Continue Reading
Answer 26 Jul 2007

How secure is the Windows registry?

In this SearchSecurity.com Q&A, platform security expert Michael Cobb explains the weaknesses of the Windows registry and explores other OS alternatives. Continue Reading
Answer 05 Jun 2007

What are the potential risks of giving remote access to a third-party service provider?

In this SearchSecurity.com Q&A, identity management and access control expert Joel Dubin discusses the potential risks involved with providing remote access to a third-party service provider. Continue Reading
Answer 04 Jun 2007

Is the use of digital certificates with passwords considered two-factor authentication?

In this SearchSecurity.com Q&A identity management and access control expert Joel Dubin identifies the factors that contribute to two-factor authentication, such as smart cards and digital certificates. Continue Reading
Answer 01 Jun 2007

How to test an enterprise single sign-on login

In this SearchSecurity.com Q&A, identity management and access control expert Joel Dubin examines the best ways to test an enterprise single sign-on (SSO) login. Continue Reading
Answer 08 Feb 2007

Will biometric authentication replace the password?

Some security observers say user IDs and passwords are obsolete and can be easily cracked, but that doesn't mean you should fire up biometric authentication projects just yet. In this SearchSecurity.com Q&A, identity management and access control expert Joel Dubin explains why enterprises are still holding back on biometrics. Continue Reading
Answer 07 Feb 2007

Can single sign-on (SSO) provide authentication for remote logons?

If you're accessing multiple applications through a remote Citrix server, you have two options. Identity management and access control expert Joel Dubin explains both in this SearchSecurity.com Q&A. Continue Reading
Answer 10 Oct 2006

How to safely issue passwords to new users

In this Ask the Expert Q&A, our identity management and access control expert Joel Dubin offers tips on safe password distribution, and reviews the common mistakes that help desks and system administrators make when issuing new passwords. Continue Reading