Web authentication and access control

Get tips and tricks on web authentication and and web access control. Learn when restricting Web access is necessary and how web application IAM techniques like single sign-on can thwart hacker attacks and threats.

Top Stories

News 28 Oct 2021
Twitter details internal Yubico security key rollout

Following last year's breach, Twitter obtained 100% security key enrollment from its 5,500 internal employee accounts within a month of the cutover date. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 01 Sep 2021
Beware of proxyware: Connection-sharing services pose risks

Cisco Talos warns that sharing internet connections with random people via third-party app like Honeygain and Peer2Profit could lead to malware installations and other threats. Continue Reading
By
- Shaun Nichols

Definition 30 Mar 2023
authentication factor

An authentication factor is a category of credential that is intended to verify, sometimes in combination with other factors, that an entity involved in some kind of communication or requesting access to some system is who, or what, they are declared to be. Continue Reading
By
- Ivy Wigmore
Definition 24 Mar 2023
three-factor authentication (3FA)

Three-factor authentication (3FA) is the use of identity-confirming credentials from three separate categories of authentication factors -- typically, the knowledge, possession and inherence categories. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
Definition 20 Mar 2023
FIDO (Fast Identity Online)

FIDO (Fast Identity Online) is a set of technology-agnostic security specifications for strong authentication. Continue Reading
By
- David Strom
Definition 14 Nov 2022
time-based one-time password

A time-based one-time password (TOTP) is a temporary passcode generated by an algorithm that uses the current time of day as one of its authentication factors. Continue Reading
By
- Colin Steele
Definition 17 Jun 2022
X.509 certificate

An X.509 certificate is a digital certificate that uses the widely accepted international X.509 public key infrastructure (PKI) standard to verify that a public key belongs to the user, computer or service identity contained within the certificate. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Sharon Shea, Executive Editor
Definition 20 Apr 2022
WLAN Authentication and Privacy Infrastructure (WAPI)

WLAN Authentication and Privacy Infrastructure (WAPI) is a wireless local area network security standard officially supported by the Chinese government. Continue Reading
By
- Rahul Awati
Definition 07 Apr 2022
Open System Authentication (OSA)

Open System Authentication (OSA) is a process by which a computer could gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol. Continue Reading
By
- Paul Kirvan
Definition 25 Feb 2022
Shared Key Authentication (SKA)

Shared Key Authentication (SKA) is a process by which a computer can gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol. Continue Reading
By
- Andrew Zola
Definition 11 Feb 2022
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is an encryption protocol based on the U.S. federal government's Advanced Encryption Standard (AES) algorithm and uses the Counter Mode with CBC-MAC (CCM) mode of operation. Continue Reading
By
- Rahul Awati
Definition 30 Nov 2021
walled garden

On the internet, a walled garden is an environment that controls the user's access to network-based content and services. Continue Reading
By
- Andrew Froehlich, West Gate Networks
News 28 Oct 2021
Twitter details internal Yubico security key rollout

Following last year's breach, Twitter obtained 100% security key enrollment from its 5,500 internal employee accounts within a month of the cutover date. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 29 Sep 2021
CHAP (Challenge-Handshake Authentication Protocol)

CHAP (Challenge-Handshake Authentication Protocol) is a challenge and response authentication method that Point-to-Point Protocol (PPP) servers use to verify the identity of a remote user. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
Definition 15 Sep 2021
Kerberos

Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
- Michael Cobb
News 01 Sep 2021
Beware of proxyware: Connection-sharing services pose risks

Cisco Talos warns that sharing internet connections with random people via third-party app like Honeygain and Peer2Profit could lead to malware installations and other threats. Continue Reading
By
- Shaun Nichols
News 15 Jul 2021
SonicWall warns of 'imminent' SMA 100/SRA ransomware attacks

SonicWall said that those who fail to update or disconnect their vulnerable SMA 100 and SRA devices are 'at imminent risk of a targeted ransomware attack.' Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 12 Jul 2021
How to implement machine identity management for security

In IAM, companies must consider whether machines, applications and devices have the appropriate identities and access authorizations when communicating behind the scenes. Continue Reading
By
- Michael Cobb
News 28 Jun 2021
SolarWinds hackers compromised Microsoft support agent

After placing information-stealing malware on a customer support agent's system, the Nobelium threat actors gained access to three Microsoft clients. Continue Reading
By
- Arielle Waldman, News Writer
News 24 Jun 2021
Atlassian moves to lock down accounts from takeover bugs

Check Point Research uncovered a set of flaws that, if chained together, would have enabled attackers to hijack accounts with single sign-on enabled. Continue Reading
By
- Shaun Nichols
News 24 Jun 2021
HPE jumps into zero trust with Project Aurora

Enterprise giant HPE says its new zero-trust offering, dubbed Project Aurora, will make its debut later this year with the GreenLake hybrid cloud platform. Continue Reading
By
- Shaun Nichols
News 11 Jun 2021
Slilpp marketplace goes dark following government takedown

Slilpp, a massive dark web emporium for buying and selling stolen credentials, has been pulled offline by an international law enforcement takedown. Continue Reading
By
- Shaun Nichols
News 08 Jun 2021
CISA taps Bugcrowd for federal vulnerability disclosure program

The new program follows a CISA directive from September that requires executive branch agencies to create and publish vulnerability disclosure policies. Continue Reading
By
- Shaun Nichols
Definition 01 Jun 2021
Amazon Cognito

Amazon Cognito is an Amazon Web Services product that controls user authentication and access for mobile applications on internet-connected devices. Continue Reading
By
- Rahul Awati
- David Carty, Site Editor
News 19 May 2021
Cisco shares lessons learned in zero-trust deployment

The networking giant explained at RSA Conference 2021 how it was able to deploy a company-wide zero trust model in less than six months, and what it learned along the way. Continue Reading
By
- Shaun Nichols
News 14 May 2021
'Scheme flooding' bug threatens to sink user privacy

Researchers have uncovered a blind spot in web security that opens the door for tracking across multiple browsers and thwarts common privacy protections like incognito and VPN. Continue Reading
By
- Shaun Nichols
Definition 11 May 2021
Extensible Authentication Protocol (EAP)

The Extensible Authentication Protocol (EAP) is a protocol for wireless networks that expands the authentication methods used by the Point-to-Point Protocol (PPP), a protocol often used when connecting a computer to the internet. Continue Reading
By
- Eva Webster
- TechTarget Contributor
Definition 15 Apr 2021
user authentication

User authentication verifies the identity of a user attempting to gain access to a network or computing resource by authorizing a human-to-machine transfer of credentials during interactions on a network to confirm a user's authenticity. Continue Reading
By
- TechTarget Contributor
Definition 12 Apr 2021
Transport Layer Security (TLS)

Transport Layer Security (TLS) is an Internet Engineering Task Force (IETF) standard protocol that provides authentication, privacy and data integrity between two communicating computer applications. Continue Reading
By
- Andrew Froehlich, West Gate Networks
- Kevin Beaver, Principle Logic, LLC
- Michael Cobb
News 05 Apr 2021
Remote work increases demand for zero-trust security

One year after lockdowns and office closures prompted a massive, hurried move to remote work, many enterprises are reexamining their security posture. Continue Reading
By
- Arielle Waldman, News Writer
News 26 Jan 2021
Zero trust 2.0: Google unveils BeyondCorp Enterprise

BeyondCorp Enterprise, which replaces Google's BeyondCorp Remote Access, uses the Chrome browser to extend the zero-trust platform to customers for continuous authentication. Continue Reading
By
- Rob Wright, Senior News Director
Tip 14 Jan 2021
Select a customer IAM architecture to boost business, security

Not all customer IAM platforms are created equal. Will a security-focused or marketing-focused CIAM architecture best meet your organization's needs? Read on for help deciding. Continue Reading
By
- Mike Chapple, University of Notre Dame
News 07 Jan 2021
Defending against SolarWinds attacks: What can be done?

While no defense is guaranteed, zero-trust access and behavioral monitoring can be useful against nation-state hackers and threats like the SolarWinds attacks. Continue Reading
By
- Arielle Waldman, News Writer
Tip 24 Nov 2020
Weighing remote browser isolation benefits and drawbacks

Remote browser isolation benefits end-user experience and an organization's network security. Compare the pros, cons and cost challenges before investing in the zero-trust approach. Continue Reading
By
- Michael Cobb
Quiz 05 Oct 2020
Quiz: Network security authentication methods

There are many methods available to authenticate users requesting access to an organization's systems. Test your knowledge with this quiz on authentication in network security. Continue Reading
By
- Katie Donegan, Social Media Manager
Tip 30 Sep 2020
What are the top secure data transmission methods?

Safe information transfer is a must for modern organizations, but not all secure data transmission methods are equal. Explore your secure data transfer options in this tip. Continue Reading
By
- Michael Heller and Chris Apgar
Tip 10 Sep 2020
Combination of new, old tech driving remote access security

The massive shift to home-based workforces left IT vulnerable to unexpected threats, but organizations are combining old and new strategies to maintain remote access security. Continue Reading
By
- Andrew Froehlich, West Gate Networks
News 23 Jul 2020
'Meow' attacks wipe more than 1,000 exposed databases

A new threat has hit more than 1,000 unsecured databases on ElasticSearch, MongoDB and other platforms, destroying data and replacing files with a single word: meow. Continue Reading
By
- Arielle Waldman, News Writer
News 18 Jun 2020
New Cisco Webex vulnerability exposes authentication tokens

Trustwave SpiderLabs researchers disclosed a vulnerability in Cisco Webex software that leaks information stored in memory, including authentication tokens. Continue Reading
By
- Arielle Waldman, News Writer
Tip 11 Jun 2020
3 key identity management tips to streamline workflows

Organizations must audit IAM processes to ensure that opportunities to streamline workflows are not missed. Use these identity management tips to get started. Continue Reading
By
- Mike Chapple, University of Notre Dame
Feature 27 May 2020
Top 3 advantages of smart cards -- and potential disadvantages

As smart card adoption increases, it is prudent to take a closer look at how this technology can improve data security. Here, read more about the benefits of smart cards. Continue Reading
By
- Katie Donegan, Social Media Manager
- Joel Snyder, Opus One
Tip 29 Apr 2020
SSL certificate best practices for 2020 and beyond

SSL/TLS security is continuously improving, and there are steps site owners should take to ensure the safety of their SSL certificates, websites and users. Read on to learn more. Continue Reading
By
- Michael Cobb
News 20 Apr 2020
Google unveils BeyondCorp Remote Access as VPN alternative

Google unveiled a new iteration of its zero-trust network offering with BeyondCorp Remote Access, which is designed to help remote workers securely connect to critical web apps. Continue Reading
By
- Rob Wright, Senior News Director
Feature 29 Jan 2020
How to implement a holistic approach to user data privacy

IoT devices flood the market with promises to make daily life more convenient. Learn how to embrace user consent to benefit your organization and enhance user data privacy. Continue Reading
By
- Katie Donegan, Social Media Manager
News 13 Dec 2019
RSA teams up with Yubico for passwordless authentication

RSA Security joined forces with Yubico to eliminate passwords within the enterprise. RSA's Jim Ducharme explains what it will take to the reach the 'last mile' of the pursuit. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 02 Dec 2019
Exposed Firebase databases hidden by Google search

A security researcher found that Google's search engine hides results for misconfigured Firebase databases that are publicly accessible on the internet. Continue Reading
By
- Rob Wright, Senior News Director
News 07 Nov 2019
SSL certificate abuse drives growing number of phishing attacks

Phishing attacks against the United Nations and humanitarian organizations show how threat actors are weaponizing valid SSL certificates and how hard it is to stop the abuse. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 06 Nov 2019
Firefox bug is enabling attackers to freeze out users

A recently reported bug in Firefox allows spammed authentication dialogs to lock users out of their browsers and it is under attack in the wild, despite previous efforts to patch. Continue Reading
By
- Michael Heller, TechTarget
Answer 16 Sep 2019
What's the purpose of CAPTCHA technology and how does it work?

Learn about the purpose of CAPTCHA challenges that enable websites to differentiate bots from authentic users to stop spammers from hijacking forums and blog comment sections. Continue Reading
By
- Joel Dubin
Feature 01 Aug 2019
New tech steers identity and access management evolution

IAM is evolving to incorporate new technologies -- like cloud-based services and containerization -- promising more secure, granular management of access to company IT assets. Continue Reading
By
- Alissa Irei, Senior Site Editor
Opinion 01 Aug 2019
Is your identity management up to the task?

IAM is an organization's best defense for its weakest link, end users. Make sure you're following the right framework and keeping your tools honed and ready for battle. Continue Reading
By
- Ben Cole, Executive Editor
E-Zine 01 Aug 2019

Managing identity and access well unlocks strong security

Continue Reading
Tip 17 Jul 2019
The benefits of IAM can far outweigh the costs

Identity and access management is a critical piece of enterprise information security. But the benefits of IAM go beyond illuminating who -- and what -- might be using your network. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
Feature 06 May 2019
5 common authentication factors to know

Multifactor authentication is a security system that requires two or more authentication steps to verify the user's identity. Discover the most important terms related to MFA. Continue Reading
By
- Katie Donegan, Social Media Manager
Tip 20 Mar 2019
How automated patch management using SOAR can slash risk

Learn how to use security orchestration, automation and response, also known as SOAR, to ease the hassle of mundane tasks related to patch management. Continue Reading
By
- Mike Chapple, University of Notre Dame
Tip 20 Mar 2019
Automating incident response with security orchestration

Security orchestration, automation and response technology is now seen as a key aid to security pros attempting to thwart an onslaught of cyberattacks. Continue Reading
By
- Mike Chapple, University of Notre Dame
Tip 20 Mar 2019
Plugging the cybersecurity skills gap with security automation

Security automation and response promises to help alleviate the shortage of qualified cybersecurity pros. Learn how SOAR helps security teams work smarter, not harder. Continue Reading
By
- Mike Chapple, University of Notre Dame
News 05 Mar 2019
Container security tools turn heads with expansion to hosts

Vendors that sell container security tools now face off against traditional security tool providers, as both vie for the attention of IT pros who look to fortify their cloud-native infrastructure. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 28 Feb 2019
Cisco patches persistent Webex vulnerability for a third time

After two previous attempts, Cisco has issued a third patch for a persistent flaw in its Webex platform, which allows privilege escalation attacks on systems running the software. Continue Reading
By
- Rob Wright, Senior News Director
Tip 28 Jan 2019
The evolution of the Let's Encrypt certificate authority

Certificate authorities work differently since the open source Let's Encrypt project went into effect. Expert Fernando Gont explains how both CAs and Let's Encrypt operate. Continue Reading
By
- Fernando Gont, SI6 Networks
Feature 23 Jan 2019
Three examples of multifactor authentication use cases

When evaluating the business case for multifactor authentication, an organization must first identify how these three operational scenarios apply to a potential implementation. Continue Reading
By
- David Strom
Feature 23 Jan 2019
Purchasing multifactor authentication tools: What to consider

Find out what you need to know before investing in a multifactor authentication tool, including the drawbacks and the benefits. Continue Reading
By
- David Strom
Tip 15 Jan 2019
Updating TLS? Use cryptographic entropy for more secure keys

Cryptographic entropy is necessary to secure session encryption keys in TLS 1.2, but RSA key transport is not supported in TLS 1.3. Discover the causes for concern with Judith Myerson. Continue Reading
By
- Judith Myerson
Answer 14 Jan 2019
How can an authentication bypass vulnerability be exploited?

A vulnerability was found in Western Digital's My Cloud NAS device that can be easily exploited by hackers. Discover what this vulnerability is and how users can be protected. Continue Reading
By
- Judith Myerson
Tip 17 Dec 2018
For effective customer IAM, bundle security and performance

CIAM can verify identity, manage access and deliver a smooth experience for customers. Get an expert's insights on how to tackle customer IAM now. Continue Reading
By
- Johna Till Johnson, Nemertes Research
News 13 Dec 2018
Project Zero finds Logitech Options app critically flawed

Tavis Ormandy of Google's Project Zero discovered a serious authentication vulnerability in Logitech's Options application, but the peripheral device maker has yet to address the flaw. Continue Reading
By
- Hanno Böck
Tip 30 Oct 2018
Enterprises should reconsider SMS-based 2FA use after breach

A Reddit breach was triggered by threat actors intercepting SMS messages used to authenticate employees to access sensitive data. Learn why enterprises should reconsider SMS for 2FA. Continue Reading
By
- Nick Lewis
Answer 19 Sep 2018
WPA3 protocol: Should enterprises implement the changes?

The Wi-Fi Alliance released the updated WPA3 protocol, adding security enhancements to the Wi-Fi access process. Learn why enterprises should update with Judith Myerson. Continue Reading
By
- Judith Myerson
News 03 Aug 2018
Reddit breach sparks debate over SMS 2FA

Using two-factor authentication with one-time passwords sent via SMS has come under question again after a Reddit breach was blamed on the faulty 2FA method. Continue Reading
By
- Michael Heller, TechTarget
Answer 13 Jul 2018
Drupalgeddon 2.0: Why is this vulnerability highly critical?

A recently discovered Drupal vulnerability in its open source CMS allowed attackers to control websites. Learn how almost one million sites were affected with Michael Cobb. Continue Reading
By
- Michael Cobb
Podcast 06 Jul 2018
Risk & Repeat: Is AI-driven identity management the future?

In this week's Risk & Repeat podcast, SearchSecurity editors discuss Identiverse 2018 and how artificial intelligence is being applied to identity and access management. Continue Reading
By
- Rob Wright, Senior News Director
News 28 Jun 2018
New types of authentication take root across the enterprise

At Identiverse 2018, speakers and attendees expect a rise in two-factor authentication, as the single sign-on user password authentication falls out of favor. Continue Reading
By
- John Powers, Senior Site Editor
Answer 28 Jun 2018
How can a text editor plug-in enable privilege escalation?

Developers use text editors to enhance efficiency in the workplace even though they require vulnerable third-party plug-ins. Discover these vulnerabilities with Judith Myerson. Continue Reading
By
- Judith Myerson
News 26 Jun 2018
Ping adds AI-driven API protection with Elastic Beam acquisition

Ping Identity increased its focus on API security with the acquisition of Elastic Beam, a startup that uses artificial intelligence to apply behavioral security on enterprise APIs. Continue Reading
By
- Rob Wright, Senior News Director
Answer 04 May 2018
How will the new WPA3 protocol strengthen password security?

The development of WPA3 helps advance Wi-Fi protocol, as the next generation of Wi-Fi-enabled devices begins to demand more. Expert Michael Cobb explains how it differs from WPA2. Continue Reading
By
- Michael Cobb
News 24 Apr 2018
Akamai touts network perimeter security shifts, zero-trust model

As network perimeter security grows less practical, Akamai talks at RSA Conference about moving beyond firewalls to improve authentication with a zero-trust model. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
Answer 12 Apr 2018
Will biometric authentication systems replace passwords?

Biometric authentication systems have gained traction on mobile devices, but when will they become dominant within the enterprise? Expert Bianca Lopes weighs in on the topic. Continue Reading
By
- Rob Wright, Senior News Director
News 10 Apr 2018
WebAuthn API gets standards nod from W3C, FIDO Alliance

W3C and the FIDO Alliance have given websites a new tool for doing FIDO-compliant authentication, as the WebAuthn authentication protocol is promoted to W3C Candidate Recommendation. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
News 07 Feb 2018
Grammarly vulnerability exposed user documents

A Grammarly vulnerability in its browser extension authentication could have exposed users' sensitive documents if the popular spelling and grammar checker were left unpatched. Continue Reading
By
- Madelyn Bacon, TechTarget
Answer 26 Jan 2018
How does credential stuffing enable account takeover attacks?

Credential stuffing activity is outpacing the growth of other cyberattacks and enabling account takeover attacks. Akamai Technologies' Patrick Sullivan explains the threat. Continue Reading
By
- Patrick Sullivan
Answer 17 Jan 2018
Confused deputy: How did the vulnerability affect Slack?

A major SAML vulnerability was found in Slack that granted expired login credentials permission into the system. Matt Pascucci explains how this 'confused deputy' problem was handled. Continue Reading
By
- Matthew Pascucci
Answer 15 Jan 2018
Canvas fingerprinting: How does it compromise security?

Mozilla recently decided to pull the HTML canvas element from the Firefox browser. Learn from expert Matt Pascucci what this means for the security and privacy of users. Continue Reading
By
- Matthew Pascucci
Answer 08 Dec 2017
LDAP injection: How was it exploited in a Joomla attack?

After eight years, Joomla discovered an LDAP vulnerability that could be exploited by threat actors. Learn how the attack works from expert Matt Pascucci. Continue Reading
By
- Matthew Pascucci
Tip 07 Dec 2017
How machine learning-powered password guessing impacts security

A new password guessing technique takes advantage of machine learning technologies. Expert Michael Cobb discusses how much of a threat this is to enterprise security. Continue Reading
By
- Michael Cobb
Tip 08 Nov 2017
Learn how to identify and prevent access control attacks

Once an attacker has gained entry to a network, the consequences can be severe. Find out how the right access control tools can help prevent that from happening. Continue Reading
By
- (ISC) 2
Answer 26 Oct 2017
Google Docs phishing attack: How does it work?

A Google Docs phishing attack used OAuth tokens to affect more than a million Gmail users. Nick Lewis explains how it happened, and how to defend against such an attack. Continue Reading
By
- Nick Lewis
Tip 17 Aug 2017
Common web application login security weaknesses and how to fix them

Flawed web application login security can leave an enterprise vulnerable to attacks. Expert Kevin Beaver reviews the most common mistakes and how to fix them. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
Answer 09 Aug 2017
What tools can bypass Google's CAPTCHA challenges?

The ReBreakCaptcha exploit can bypass Google's reCAPTCHA verification system using flaws in Google's own API. Expert Michael Cobb explains how the attack works. Continue Reading
By
- Michael Cobb
Podcast 12 Jul 2017
Risk & Repeat: Should IAM systems be run by machine learning?

In this week's Risk & Repeat podcast, SearchSecurity editors discuss the identity and access management industry and how machine learning algorithms could govern IAM systems. Continue Reading
By
- Rob Wright, Senior News Director
Feature 12 Jul 2017
Q&A: Ping CEO on contextual authentication, intelligent identity

Ping Identity CEO Andre Durand talks with SearchSecurity about the data-driven move toward contextual authentication and intelligent identity and what this means for enterprises. Continue Reading
By
- Rob Wright, Senior News Director
Answer 07 Jun 2017
How does Facebook's Delegated Recovery enable account verification?

Facebook's Delegated Recovery aims to replace knowledge-based authentication with third-party account verification. Expert Michael Cobb explains how this protocol works. Continue Reading
By
- Michael Cobb
Feature 18 May 2017
Okta Adaptive MFA gives companies flexible authentication

Okta Adaptive MFA offers businesses a range of flexible authentication methods that use different contexts to determine which factors provide users with access. Continue Reading
By
- David Strom
Feature 15 May 2017
Summing up Symantec VIP Service, a multifactor authentication tool

Expert David Strom looks at the Symantec VIP multifactor authentication product and how it can benefit enterprise security. Continue Reading
By
- David Strom
Feature 15 May 2017
An in-depth look at Gemalto's SafeNet Authentication Service

Expert David Strom provides an in-depth look at Gemalto's SafeNet Authentication Service, a SaaS-based multifactor authentication product for boosting login security. Continue Reading
By
- David Strom
Answer 12 May 2017
How did a Slack vulnerability expose user authentication tokens?

A Slack vulnerability exposed user authentication tokens and enabled hackers to access private data. Expert Matthew Pascucci explains how and why this hack was successful. Continue Reading
By
- Matthew Pascucci
Feature 11 May 2017
SecureAuth IdP: An overview of its multifactor authentication ability

Expert David Strom looks at how SecureAuth IdP uniquely combines multifactor authentication and single sign-on login capabilities in a single product. Continue Reading
By
- David Strom
Feature 10 May 2017
VASCO IDENTIKEY Authentication Server and a look at its key features

Expert David Strom takes a closer look at VASCO's IDENTIKEY Authentication Server, one of the leading multifactor authentication products on the market. Continue Reading
By
- David Strom
Feature 05 May 2017
Quest Defender protects businesses with two-factor authentication

Through the Defender Management Portal, Quest Defender lets users request hard and soft tokens to provide valuable two-factor authentication and monitor all token activity. Continue Reading
By
- David Strom
Guide 11 Apr 2017

How to deal with Identity and access management systems

An identity and access management system is increasingly essential to corporate security, but technological advances have made managing an IAM more complex than ever. Continue Reading
Answer 27 Mar 2017
How do identity governance and access management systems differ?

Identity governance and access management systems overlap naturally, but they are still distinct. Expert Matthew Pascucci explains the difference between these two aspects of IAM. Continue Reading
By
- Matthew Pascucci
Tip 06 Mar 2017
Why authorization management is paramount for cybersecurity readiness

After enterprise identities are authenticated, an authorization management system should monitor how resources are being used. Expert Peter Sullivan explains how it can work. Continue Reading
By
- Peter Sullivan
Buyer's Guide 13 May 2015

Multifactor authentication: A buyer's guide to MFA products

In this SearchSecurity buyer's guide, learn how to evaluate and procure the right multifactor authentication product for your organization. Continue Reading