Identity and Access Management
Identity and Access Management | News, how-tos, features, reviews, and videos
Supply chain attacks show why you should be wary of third-party providers
The weak link in your enterprise security might lie with partners and suppliers. Here’s how to understand and mitigate that risk.
FIDO explained: How this industry initiative aims to make passwords obsolete
The FIDO Alliance is an industry association that promotes the use of public-key cryptography to bring strong authentication to the Web.
How one multicloud-based business manages security controls
AppsFlyer processes 80 terabytes of data a day across multiple cloud hosting services. It scales its security needs by keeping a close eye on identity governance and access controls.
Hashing explained: Why it's your best bet to protect stored passwords
Hashing is a cryptographic process that makes it harder for attackers to decrypt stored passwords, if used correctly.
Privacy, data protection regulations clamp down on biometrics use
The highly sensitive nature of biometric data and new regulations aimed to protect it are cause to rethink how it's used for authentication.
Inside Atlassian's zero trust implementation
Adrian Ludwig says Atlassian's zero-trust implementation was nearly complete when the pandemic hit. His advice: Define policies to cover all cases first.
Using open source for identity projects: 8 considerations
Consider these eight points to decide whether you can securely use open-source code in your identity management projects.
7 best practices when selecting a PAM solution
The right PAM solution will enable security and compliance teams to define and enforce robust privileged account policies. So how do you pick the right PAM solution?
New US digital identity legislation promises more secure verification
COVID-19 has exposed the US’s lack of a comprehensive digital identity strategy. If passed, the Improving Digital Identity Act of 2020 will address this need through engagement among federal, state and local governments.
The five best Kubernetes security practices
Everyone is moving to containers for their programs, and to manage them, almost everyone is using Kubernetes. That leads to one big problem: How do you secure Kubernetes itself?
Is now the time to deploy passwordless options?
Viable options are now available to supplement or eliminate (almost) the need for password authentication. Here are reasons why passwordless might work for you.
What the use of open banking means for identity networks
By connecting identity data from multiple sources through APIs, the open banking concept can help verify identity more reliably and improve the customer experience.
What is a dictionary attack? And how you can easily stop them
A dictionary attack is a targeted form of brute force attack that runs through lists of common words, phrases, and leaked passwords to gain access to accounts.
8 steps to protecting login credentials
Follow this advice to help users and network admins to better protect login credentials to corporate systems.
Protect your Windows network from excessive administrator rights
Every developer or user on your network with administrative privileges adds risk of account compromise. Review privileges and take these steps to better manage Windows network access rights.
5 best practices to secure single sign-on systems
Don't assume that SSO is inherently secure. Follow these recommendations to prevent unauthorized access due to authentication flaws.
Privilege escalation explained: Why these flaws are so valuable to hackers
Attackers use privilege escalation flaws to gain access to systems and applications. Patching and monitoring are the most important ways to stop them.
