While Facebook has invalidated 90 million users' single sign-on access tokens following a mega-breach, researchers warn that most access token hijacking victims still lack any reliable "single sign-off" capabilities that will revoke attackers' access to hyper-connected web services and mobile apps.
One mystery with the recently discovered payment card sniffing attacks against such organizations as British Airways and Newegg has been how attackers might have first gained access to the victims' networks. But a number of cybercrime markets sell such access, in some cases for as little as 50 cents.
Businesses remain plagued with weak, reused, old, and potentially-compromised credentials, and every password is a potential entryway to the business that needs to be properly protected and managed. While technology can help address these issues, it is critical to address people and processes first to improve the...
Following the recent data breach affecting 1.5 million patients of Singapore-based SingHealth, the country's largest healthcare group, the Monetary Authority of Singapore has asked all financial institutions to tighten their customer verification process by applying multifactor authentication.
Early experiments are demonstrating how blockchain, the distributed and immutable ledger behind virtual currencies, potentially could play an important role in identity management, says Avivah Litan, a Gartner Research analyst who will be a featured speaker at ISMG's Security Summit Aug. 14-15 in New York.
Blockchain, the digital ledger used for cryptocurrency, can serve as an effective identity management platform, asserts Chris Boscolo, CEO of ZNO Labs, who describes an approach he calls "self-sovereign identity."
An Australian company that issues identity cards for access to airports has been notifying applicants and cardholders that their personal information may have been compromised, according to a news report. Australian federal police are investigating.
Consumers are more concerned than ever about their identities being compromised, yet they're failing to connect the dots between fear and preventive measures, according to recent research conducted by IDology. John Dancu, the company's CEO, explains the implications for businesses.
Businesses spend billions each year on identity and access management, but almost all of this money is spent on protecting the digital identities of humans - usernames and passwords.
On the other hand, businesses spend almost nothing on protecting machine identities, even though our entire digital economy hinges...
Over 55 percent of people will reuse passwords despite acknowledging the risks, says Amber Steel of LastPass. In the enterprise context, this bad behavior needs to be addressed without burdening employees with policies which could impact productivity, she says.
Technology, regulations and customer expectations all have evolved, but what does this mean for how organizations secure identities?
This evolution has proven to be a two-sided coin, particularly for financial institutions. It's not only allowing financial institutions to offer new, innovative products where...
What are the best practices for addressing security in "smart city" projects? Vikas Kanungo, senior consultant, transport and ICT global practice, at the World Bank, offers insights in an in-depth interview.
The beauty of the cloud is that it's possible to expand capabilities like short-term capacity or long-term backups quickly and without the costly infrastructure and additional employees associated with on-premise equipment.
Unfortunately, many organizations are discovering their cloud environments are unattended...