Security Management Strategies for the CIO
Email Alerts
-
Best Authentication Products 2011
Readers vote on the best digital identity verification products, services, and management systems, including PKI, hardware and software tokens, smart cards. Guide
-
Exploring authentication methods: How to develop secure systems
Use this guide to discover authentication options and learn how to implement, maintain and secure several methods of authentication, such as biometrics, single sign-on (SSO) and smart cards to avoid security breaches and protect sensitive corporate a... Learning Guide
-
Quiz: The new school of enterprise authentication
Take this five-question quiz to test your knowledge of Mark Diodati's enterprise authentication lesson. Quiz
-
The New School of Enterprise Authentication
Burton Group's Mark Diodati examines the technologies that cutting-edge organizations use to redefine successful enterprise authentication. Identity and Access Manag
-
Future authentication technologies: How to choose the right product
In this lesson in SearchSecurity.com's Identity and Access Management Security School, Burton Group's Mark Diodati explores innovative and cost-effective user-based authentication technologies. Identity and Access Manag
-
Quiz: Next-generation authentication
A five-question multiple-choice quiz to test your understanding of the content presented by expert Mark Diodati in this lesson of SearchSecurity.com's Identity and Access Management Security School. Quiz
-
Authentication quiz
Take this quiz to see how much you've learned in the Authentication lesson of Identity and Access Management Security School. Identity and Access Manag
-
Identity and access management final exam
Find out how much you learned in Identity and Access Management Security School and the areas where you need to focus more attention. Identity and Access Manag
-
Secure user authentication: Regulations, implementation and methods
When deploying any authentication option -- whether to comply with the FFIEC's two-factor authentication mandate or simply strengthen access controls -- businesses need to weigh several factors to decide which option best suits their needs. In this l... Identity and Access Manag
-
Risk-based authentication
The concept of risk-based authentication is becoming popular for some online business-to-consumer transactions, particularly those conducted with banks and other financial services firms. Information Security maga
- See more Essential Knowledge on Two-Factor and Multifactor Authentication Strategies
-
McAfee jumps into IAM with one-time password, cloud SSO products
McAfee introduces two new identity and access management (IAM) products. News | 30 Apr 2013
-
2013 Verizon DBIR: Authentication attacks affect all organizations
The 2013 Verizon data breach report details how authentication attacks affect organizations of all sizes, blaming single-factor passwords. News | 23 Apr 2013
-
Microsoft acquires multifactor authentication vendor PhoneFactor
Microsoft has purchased the multifactor factor authentication platform vendor for an undisclosed amount. News | 05 Oct 2012
-
Can SMBs sue their bank and recover losses from a hacked bank account?
RSA Conference 2012 panelists discussed court rulings on liability for hacked bank accounts, and gave advice to security pros for protecting financial assets. News | 01 Mar 2012
-
RSA SecurID breach: Executives attempt to repair tarnished image
While the RSA SecurID breach cost EMC’s security division more than $60 million, executives admit it could take years to restore its tarnished image. News | 16 Jan 2012
-
Contractor attacks via SecurID tokens fuel call for data security reassessment
Security pros advocate a reassessment of security processes and technologies in the wake of breaches that may be tied to RSA SecurID weaknesses. News | 02 Jun 2011
-
RSA SecurID breach fallout should be limited, experts say
Experts say the risk of an attack that exploits stolen proprietary data on RSA's SecurID products is low, but it can't be completely dismissed until attack details are revealed. Article | 18 Mar 2011
-
RSA breached in APT attack; SecureID info stolen
Company warns customers that SecurID product data was stolen in sophisticated attack. Article | 17 Mar 2011
-
PhoneFactor provides multifactor authentication for HealthVault
PhoneFactor has been selected by Microsoft to provide multifactor authentication for HealthVault users. Article | 15 Feb 2011
-
Out-of-band authentication boosts security but isn't failsafe
Authentication technology helps thwart online banking fraud but determined criminals can circumvent it. Article | 20 Dec 2010
- See more News on Two-Factor and Multifactor Authentication Strategies
-
Examining device-based authentication
Combining device-based authentication technology with existing user-based authentication would be appealing for many organizations, but technical details remain unclear. Column
-
Two-factor authentication options, use cases and best practices
It may seem daunting, but two-factor authentication options are manageable for nearly all enterprises. Learn how to get started in this 2FA primer. Tip
-
How diligent user account security thwarts password recovery attacks
The recent CloudFlare hack showed how poor user account security and password recovery can be compromised. Learn how to avoid a similar incident. Tip
-
Enterprise mobile access: Considerations for two-factor mobile authentication
Is two-factor mobile authentication the only answer to secure enterprise mobile access? Randall Gamby explores keeping mobile access under control. Tip
-
Book chapter: Security+ study guide and CompTIA security practice exam
In this chapter excerpt from CompTIA Security+ Certification Passport, author T.J. Samuelle describes authentication as needed to pass the exam. Tip
-
Secure tokens: Preventing two-factor token authentication exploits
What are the most common attacks against two-factor authentication, and how can you protect against them? Expert Nick Lewis weighs in. Tip
-
SMS two-factor authentication for electronic identity verification
Tokens are no longer the only choice when it comes to OTPs and electronic identity verification. Learn about new two-factor authentication options involving SMS and mobile phones. Tip
-
Risk-based multifactor authentication implementation best practices
A multifactor authentication implementation can be a hard sell to enterprise executives and users alike. In this tip, learn four key strategies to ensure that both groups understand and support the project. Tip
-
Multifactor authentication options to secure online banking
Banks are required to deploy multifactor authentication to secure online banking and meet FFIEC requirements. In this tip, Dave Shackleford describes some of the pros and cons associated with traditional forms of multifactor authentication as well as... Tip
-
Security on a budget: How to make the most of authentication tools
Working on an identity and access management project can be hard enough without having to worry about sufficient funding. In this tip, learn how to leverage existing identity and access management tools and software to keep your budget lean and your ... Tip
-
Are 'strong authentication' methods strong enough for compliance?
If multifactor authentication is so great, why hasn't it replaced the password? Michael Cobb reviews the hype surrounding strong authentication. There are more drawbacks than you think. Tip
- See more Tips on Two-Factor and Multifactor Authentication Strategies
-
Do two-factor authentication vulnerabilities outweigh the benefits?
Two-factor authentication vulnerabilities are a real concern, but should they deter enterprises from deploying 2FA? Expert Michael Cobb discusses. Answer
-
Enterprise risk-based authentication: Has it finally arrived?
Expert Randall Gamby discusses risk-based authentication, and whether that type of user identification system is right for the enterprise. Answer
-
Image-based authentication: Viable alternative authentication method?
Randall Gamby addresses the criticisms of image-based authentication and considers if it's a viable enterprise alternative authentication method. Answer
-
Privileged account policy: Securely managing privileged accounts
Randall Gamby discusses how to securely implement a privileged account policy within the enterprise and collectively manage sensitive account information. Answer
-
Detecting and blocking suspicious logins, unusual login activity in the enterprise
Randall Gamby dissects the delicate but crucial science of detecting and blocking suspicious logins and unusual login activity in the enterprise. Answer
-
Creating a password-reset program with corporate text messaging
Learn how to use corporate text messaging as the cornerstone of an enterprise password-reset program in this expert response from Randall Gamby. Ask the Expert
-
The pros and cons of implementing smart cards
Most infosec pros agree that smart cards create a higher level of enterprise security than passwords alone. Learn how to weigh the pros and cons of smart cards to know if they're right for your enterprise? Ask the Expert
-
What should an enterprise look for in a password token and a vendor?
One-time password (OTP) tokens can aid data security by creating another layer of authentication. In this identity and access management expert response, learn which OTPs are the most secure. Ask the Expert
-
Are smart cards insecure if Mifare Classic RFID encryption is cracked?
The security of RFID chips and smart cards may not be fully mature, but there are best practices to keep facilities safe. Identity and access management expert Joel Dubin explains. Ask the Expert
-
How do RFID-blocking passport wallets work?
RFID passports can provide quicker passage through customs, but may put sensitive data at risk. Learn about whether RFID-blocking passport wallets can keep personal credentials from being sniffed. Ask the Expert
- See more Expert Advice on Two-Factor and Multifactor Authentication Strategies
-
smart label
A smart label is a slip of paper, plastic or other material on a product that contains an RFID tag in addition to bar code data. Definition
-
typeprint analysis
Typeprint analysis is a technology in which the rhythmic patterns of a person's keyboard behavior, known as keystroke dynamics, are analyzed over a period of time and then stored... (Continue) Definition
-
authentication, authorization, and accounting (AAA)
Authentication, authorization, and accounting (AAA) is a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services. Definition
-
password hardening
Password hardening is any one of a variety of measures taken to make it more difficult for an intruder to circumvent the authentication process. Password hardening may take the form of multifactor authentication, by adding some component to the u... Definition
-
Kerberos
Kerberos is a secure method for authenticating a request for a service in a computer network. Definition
-
federated identity management (FIM)
Federated Identity Management (FIM) is an arrangement that can be made among multiple enterprises that lets subscribers use the same identification data to obtain access to the networks of all enterprises in the group... (Continued) Definition
-
authentication
Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. Definition
-
AAA server (authentication, authorization, and accounting)
An AAA server is a server program that handles user requests for access to computer resources and, for an enterprise, provides authentication, authorization, and accounting (AAA) services. Definition
-
Gartner on security impact of evolving corporate identity standards
Gartner VP Gregg Kreizman discusses how evolving corporate identity standards and mobility are affecting IT security. Podcast
-
PayPal CISO hopes FIDO Alliance can help replace weak passwords
Video: PayPal CISO Michael Barrett discusses the FIDO Alliance launch and how the open standard for online authentication might help replace weak passwords. Video
-
Alternative authentication: New authentication methods for enterprises
In this special video presentation, learn about host authentication, heuristic authentication and AI, and how to start moving away from passwords. Video
-
Secure authentication trends: Cloud biometrics, next-generation authentication
In this video, Ant Allan discusses secure authentication trends, including next-generation authentication options and cloud biometrics possibilities. Video
-
Choosing the right authentication method for your business
These days, there are so many different authentication options for so many varied devices that it's hard to know what to choose. In this video, Mark Diodati of Burton Group explains what's new in the world of authentication and how to know what's rig... Video
-
PCI compliance requirement 7: Restrict access
Diana Kelley and Ed Moyle of Security Curve review PCI compliance requirement 7: "Restrict access to cardholder data." Video
-
PCI compliance requirement 9: Physical access
For Requirement 9 of the PCI Data Security Standard, basic physical controls are required for the facilities that process cardholder data. In this video, Ed Moyle and Diana Kelley review the defenses. Video
-
Do two-factor authentication vulnerabilities outweigh the benefits?
Two-factor authentication vulnerabilities are a real concern, but should they deter enterprises from deploying 2FA? Expert Michael Cobb discusses. Answer
-
Gartner on security impact of evolving corporate identity standards
Gartner VP Gregg Kreizman discusses how evolving corporate identity standards and mobility are affecting IT security. Podcast
-
Two-factor authentication options, use cases and best practices
It may seem daunting, but two-factor authentication options are manageable for nearly all enterprises. Learn how to get started in this 2FA primer. Tip
-
McAfee jumps into IAM with one-time password, cloud SSO products
McAfee introduces two new identity and access management (IAM) products. News
-
2013 Verizon DBIR: Authentication attacks affect all organizations
The 2013 Verizon data breach report details how authentication attacks affect organizations of all sizes, blaming single-factor passwords. News
-
PayPal CISO hopes FIDO Alliance can help replace weak passwords
Video: PayPal CISO Michael Barrett discusses the FIDO Alliance launch and how the open standard for online authentication might help replace weak passwords. Video
-
Alternative authentication: New authentication methods for enterprises
In this special video presentation, learn about host authentication, heuristic authentication and AI, and how to start moving away from passwords. Video
-
smart label
A smart label is a slip of paper, plastic or other material on a product that contains an RFID tag in addition to bar code data. Definition
-
Microsoft acquires multifactor authentication vendor PhoneFactor
Microsoft has purchased the multifactor factor authentication platform vendor for an undisclosed amount. News
-
Enterprise risk-based authentication: Has it finally arrived?
Expert Randall Gamby discusses risk-based authentication, and whether that type of user identification system is right for the enterprise. Answer
- See more All on Two-Factor and Multifactor Authentication Strategies
About Two-Factor and Multifactor Authentication Strategies
User names and passwords are no longer enough and more enterprises are deploying two-factor or multifactor authentication products. Browse the articles and advice in this section for the latest information on using strong authentication in your organization.