Identity Management Blog

Anyone that knows me well is aware of my fondness for mobile technology. Basically, if it has a battery and a screen of any size, I am in. I am also a fan of security that improves upon user experiences and IAM is one of those enablers when done right.
I consider a Zero-Password Enterprise to be one in which the end user does not have to remember or be prompted for additional passwords for each of the applications she is accessing. Rather, the user is authenticated by a primary authentication authority which acts as the main identity provider. Ideally, this primary authentication authority employs a multi-factor authentication scheme (i.e. ...
Biometrics are nothing new to the IAM space, yet it seems that security measures like fingerprint readers and retinal scanners were reserved for highly regulated industries, the government and the movies; but all of that is changing. Advancements in consumer technology are changing the way we approach technology. MP3 players existed before the iPod, smart phones existed before the iPhone, tablets ...
I just checked out Microsoft’s Two-Factor Authentication and I have to say, I’m a little disappointed. While I am happy that they now offer two-factor authentication, there needs to be a balance between security and usability in order for people to adopt it.
If you've been following Authentication related discussions, you know that a lot of the tactical focus is on adding additional authentication factors to the base username/password login mechanism as a way of making it more secure. This is particularly true in consumer facing applications, as brought into stark contrast by the Mat Honan hack episode. A cornerstone in this is the use of SMS ...
Wired has the kind of article that will make all of us leading highly digitized lives (is that the right term?) wake up in a cold sweat. While the title - How Apple and Amazon Security Flaws Led to My Epic Hacking - may strike many as sensationalist, the article does a good job of showing just how the rappel ropes of our digital lives have mushroomed into a beast that we can't manage or hardly ...
This post also appears here on my personal blog. I never thought I would have a post on Identity Management and Security inspired by a cartoon, but here we are. In my earlier post about using CAPTCHA for authentication, I referenced a blog post by Thomas Baekdal. A large part of his post was devoted to the idea that one should use a password comprised of a few relatively uncommon English words, ...
The really hot summer is finally here after a long, cold winter and a short spring – Thanks Global Warming.
Part 1 provided context for the Enterprise IAM consumerization trend and talked about the positive and negative implications of the trend. In this article, I will discuss additional considerations and recommendations about this trend and how organizations may choose to approach it.
I would like to express my sympathy to those affected by the terrible earthquake and tsunami that hit Japan this past Friday 3/11/2011. This has been a terrible tragedy, and I can only hope that things begin to get to a stable state. By now, I figure everyone is familiar with the trend of “Consumerization of Enterprise IT.” It is clear the Enterprise is being forced to adapt to change due to ...