Identity Management

Identity Management news, information, and how-to advice


Is “Bring Your Own Identity” a security risk or advantage?

Questions abound over websites authenticating users via identities established through Facebook, LinkedIn, Google, Amazon, Microsoft Live, Yahoo Ponemon Institute survey shows.

Why the Microsoft Active Directory design flaw isn't serious

Experts are skeptical of the seriousness of a reported design flaw in Microsoft Active Directory, which is used by many enterprises to control employee access to the corporate network.

Why password managers are not as secure as you think

University researchers have raised concerns about the security of web-based password managers that free people from the burden of having to remember website credentials.

How to set up two-factor authentication for iCloud

Apple is reportedly implementing two-factor authentication for some new iCloud services. If you haven't set up that security system already, here's how to do so.

pay pal sign

PayPal error shows how NOT to use two-factor authentication

A PayPal error made it possible to bypass two-factor authentication on a user account, demonstrating what can go wrong in deploying a tricky security mechanism.

binary hard drive

Code Spaces forced to close its doors after security incident

Code Spaces, a SVN and Git hosting provider, used by organizations for project management and development needs, has folded after an attacker compromised their internal systems.

Let's say goodbye to passwords

Over the last few years I’ve been conducting unofficial surveys of security analysts and security executives I meet in the field. My goal is always to determine what security solutions have been most detrimental to actually achieving...

Security pros and cons of Apple's latest operating systems

Apple's march toward seamless integration between the Mac, iPhone and iPad worries some security experts who say companies may find it more difficult to prevent data leakage on the devices.

serverskulls header

Vendor error forces Lowe's to issue breach notification letters

In a letter to both current and former employees, Lowe’s says that personal information might have been compromised after a third-party vendor exposed it to the public.

ebay marketplaces ipad

Raising awareness quickly: The eBay data breach

On Wednesday, eBay issued an advisory to users stating that passwords will need to be changed, after a database containing user information was compromised.

many red opened locks around one closed blue lock 148650499

Covert Redirect isn't a vulnerability, and it's nothing like Heartbleed

On Friday, Wang Jing, published a report focused on a method of attack called "Covert Redirect," promoting it as a vulnerability in OAuth 2.0 and OpenID. However, this isn't the first time the issue has been raised, and it isn't...

credit cards generic

Retailers plodding toward accepting higher-security payment cards

Target is speeding up support for chip-and-PIN payment cards to restore consumer confidence shaken by last year's massive data breach. But many other retailers feel less of an urgency to adopt the more secure technology.

Why you need to rethink the benefits of SMS authentication to improve security

The quest for perfect authentication gets in the way of good solutions that raise the bar for attackers while easing the process for the people who need to use it. Stepping back to reconsider authentication and the problem to solve...

The paranoid's survival guide, part 1: How to protect your personal data

Who says privacy is dead? While it's true that marketers, the government, data aggregators and others are gathering and analyzing more data than ever about every individual, you can still exert some control over what's out there,...

New identity fraud victim every two seconds thanks to massive data breaches

There have been a number of high-profile data breaches lately—and a whole bunch of smaller data breaches that didn’t make national headlines. The data breach itself, however, is just the beginning. What matters most is what happens...

Yahoo attack places spotlight on identity management

Theft of credentials highlights risk of using the same usernames and passwords across multiple accounts

It doesn't matter what the dumbest password is, we're going to keep using it

I wanted to avoid this story, but I can't. Passwords are still the core authentication method used in the home and office today, and while solutions exist to replace them, it's not going to happen anytime soon.

Hackers meet professor's challenge to pen test his online world

An NYU professor challenged a team of hackers to break into his online world. They did, but it wasnt easy or cheap.

How security is using IAM to manage BYOD

Faced with the undeniable arrival of BYOD, many security leaders are now turning to IAM technologies to ensure smartphones and tablets are not lost, stolen or misused.How can you make it work in your organization?

Load More