In a new white paper, The Chertoff Group stresses that one-time passwords are proving to be a less-than-ideal long term replacement for passwords. Instead they stress that policymakers and implementers should consider multi-factor authentication approaches based on public-key cryptography, specifying either recommendations for …

The industry is working hard to replace the username and password as the primary authentication method online, but it will take time. It occurred to me this week that the world needs to better embrace password managers with 2FA or two-factor authentication. I haven’t found reliable statistics that shows exactly what percentage of the population […]

With titles like the Indigent Mole and Acumulus Datum, the 2017 Verizon Data Breach Digest reads more like a compilation of short crime novels than an IT report. The authors take this serious subject matter and make it an entertaining read, which should help ensure that the underlying IT security messages are more readily consumed by non-IT decision makers.

Norway’s BankID is used 430 million times each year by some 3.5 million citizens to access banking, government services and more. It comes in the form of an keyfob and a mobile app, and its use is now expanding to secure apps residing on the actual handset. This is a significant first step toward a robust digital identity that will …

Until the end of March, public comment will be accepted on NIST’s new version of its influential digital identity related, SP 800-63 spec. The document has defined the four levels of identity assurance and helped shape government e-authentication projects. This new version dumps the prior four LOAs and instead breaks out the grading system into three new standalone areas.

As we enter 2017, the problems that plague self-selected passwords continue coming from all levels. Despite many years of education, end users still choose weak passwords, site owners still haven’t mandated strong authentication, and public email providers are not taking the basic steps to limit fraudulent account creation. The sad state of affairs continues despite …

The hype around use of blockchain technology to power the future of digital identity and replace our reliance on user names and passwords is huge. A great example of how it might be done is found in the newly announced use of blockchain to authenticate wine provenance throughout a bottle’s life and its various owners.

The hack of the Ukrainian power grid brought down part of the city of Kiev for a time, and some fear it suggests things to come in other parts of the world, even the U.S. By obtaining user name and password credentials for an admin user account …

Federated identity allows credentials to be shared across domains, services or relying parties. It enables people to conduct transactions securely and effortlessly while ensuring destination services don’t receive information that users have not consented to share. The same model that enables payment card systems to share …

Key industry sectors such as utilities, airports, data centers and military bases can up logical access security and defend against remote hacking by adding location as an authentication factor before granting access to highly-sensitive controls. The PLAI spec enables data from PACS to be shared with cyber systems to verify the physical presence of the user.