Identity and access management

Identity is often considered the perimeter in infosec, especially as traditional enterprise perimeters dissolve. Identity and access management is critical to maintain data security. From passwords to multifactor authentication, SSO to biometrics, get the latest advice on IAM here.

Top Stories

Tip 31 Jul 2025
How liveness detection catches deepfakes and spoofing attacks

Biometric liveness detection can stop fake users in their tracks. Learn how the technology works to distinguish real humans from deepfakes and other spoofing attacks. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Video 17 Jul 2025
An explanation of identity and access management

Identity and access management systems safeguard businesses by controlling digital identities, managing access rights and implementing security protocols. Continue Reading
By
- Tommy Everson, Assistant Editor
- Sharon Shea, Executive Editor

Tip 24 Jul 2008
Key management challenges and best practices

Key management is essential to a successful encryption project. In this tip, expert Randy Nash explains the challenges financial organizations face when implementing key management and some of the best practices to overcome them. Continue Reading
By
- Randy Nash, Contributor
Answer 20 Mar 2008
What is the purpose of RFID identification?

RFID identification can be used to keep track of everything from credit cards to livestock. But what security risks are involved? Continue Reading
By
- Joel Dubin
Answer 04 Mar 2008
What techniques are being used to hack smart cards?

Hacked smart cards are a large potential threat to enterprises that utilize them. Learn how to thwart smart card hackers. Continue Reading
By
- Joel Dubin
Definition 03 Mar 2008
role mining

Role mining is the process of analyzing user-to-resource mapping data to determine or modify user permissions for role-based access control (RBAC) in an enterprise... (Continued) Continue Reading
By
- TechTarget Contributor
Answer 13 Jan 2008
What are the pros and cons of using stand-alone authentication that is not Active Directory-based?

Password managment tools other than Active Directory are available, though they may not be the best access control coordinators. Continue Reading
By
- Joel Dubin
Answer 28 Nov 2007
How can root and administrator privileges of different systems be delegated on one account?

In this expert response, Joel Dubin discusses how corporations can manage "superuser" accounts by delegating root and administrator privileges. Continue Reading
By
- Joel Dubin
Answer 01 Oct 2007
Choosing from the top PKI products and vendors

In this expert response, security pro Joel Dubin discusses the best ways to compare PKI products and vendors for enterprise implementation of PKI. Continue Reading
By
- Joel Dubin
Answer 26 Jul 2007
How secure is the Windows registry?

In this SearchSecurity.com Q&A, platform security expert Michael Cobb explains the weaknesses of the Windows registry and explores other OS alternatives. Continue Reading
By
- Michael Cobb
Answer 05 Jun 2007
What are the potential risks of giving remote access to a third-party service provider?

In this SearchSecurity.com Q&A, identity management and access control expert Joel Dubin discusses the potential risks involved with providing remote access to a third-party service provider. Continue Reading
By
- Joel Dubin
Answer 04 Jun 2007
Is the use of digital certificates with passwords considered two-factor authentication?

In this SearchSecurity.com Q&A identity management and access control expert Joel Dubin identifies the factors that contribute to two-factor authentication, such as smart cards and digital certificates. Continue Reading
By
- Joel Dubin
Answer 01 Jun 2007
How to test an enterprise single sign-on login

In this SearchSecurity.com Q&A, identity management and access control expert Joel Dubin examines the best ways to test an enterprise single sign-on (SSO) login. Continue Reading
By
- Joel Dubin
Answer 08 Feb 2007
Will biometric authentication replace the password?

Some security observers say user IDs and passwords are obsolete and can be easily cracked, but that doesn't mean you should fire up biometric authentication projects just yet. In this SearchSecurity.com Q&A, identity management and access control expert Joel Dubin explains why enterprises are still holding back on biometrics. Continue Reading
By
- Joel Dubin
Answer 07 Feb 2007
Can single sign-on (SSO) provide authentication for remote logons?

If you're accessing multiple applications through a remote Citrix server, you have two options. Identity management and access control expert Joel Dubin explains both in this SearchSecurity.com Q&A. Continue Reading
By
- Joel Dubin
Answer 10 Oct 2006
How to safely issue passwords to new users

In this Ask the Expert Q&A, our identity management and access control expert Joel Dubin offers tips on safe password distribution, and reviews the common mistakes that help desks and system administrators make when issuing new passwords. Continue Reading
By
- Joel Dubin