Identity at the Nexus of Security and Usability
If you’ve followed my last few blog posts, you may have noticed the topic of usability in security pop up quite a bit. I’ve said in the past that usability issues in security should be considered...
View ArticleThe 4 Core Principles of Invisible Identity
The Cloud Identity Summit is underway here in New Orleans, and it’s off to a great start. The organizers have done a wonderful job again, and with so much great content, the hardest thing is choosing...
View ArticleEpic Hacking Redux: The Hacking of DeRay and Our (Continued) Identity Challenge
Almost 4 years ago I wrote a post titled ‘The Epic Hacking of Mat Honan and Our Identity Challenge‘. In it I examined how hackers exploited the ways in which our online accounts are daisy chained...
View ArticlePrivacy in the World of Invisible Identity
In part 1 of my blog post expanding on my Cloud Identity Summit talk on Invisible Identity, I proposed ‘The 4 Core Principles of Invisible Identity‘ that ensure that security and usability stay in a...
View ArticleDoing 2FA Correctly Requires More Than 2 Factors
Two Factor Authentication (or 2FA) has been in the news a lot recently. There was the kerfuffle over NIST putting into their update of 800-63 that SMS-based 2FA is insufficiently secure and should be...
View ArticleDoing 2FA Better Could Mean Using Social Factors
In my last post regarding weaknesses in how 2FA is implemented in the systems we rely on to secure us, I teased a thought that had occurred to me in going through the analysis I presented in the post....
View ArticleInvisible Identity, or How to Delight People & Secure Users
So I waited patiently for the folks at the Cloud Identity Summit to publish on their Youtube channel the talk I gave earlier this year on Invisible Identity. But it never came. Turns out that a few...
View ArticleMy Next Gig: Delivering the Identity-Defined Perimeter with Uniken
Back in 2013, I opened my ‘Hitchhikers Guide to Identity’ talk with the following slide. As an industry, we’ve come a long way since then. Multi-factor Authentication is mainstream, as is Paul Madsen’s...
View ArticleSecuring Our Biometrics-Based Future
The last few years have seen an uptick in efforts to use biometrics more widely in authentication, most notably driven by the consumerization effect of Apple introducing Touch ID and Face ID. But this...
View ArticleWill GDPR Kill Risk-Based Authentication?
No, I’m not declaring another thing in identity management dead. Instead, I’d like you to join me in exploring something that has been bugging me quite a bit lately. It’s all about identifying someone...
View Article
More Pages to Explore .....