A Review of the Best News of the Week on Identity Mgt & Web Fraud

How to speed up IoT deployment: Give each device an identity (Network World Security, Oct 12 2017)
In our example, an administrator has to correctly enter 1,000 serial numbers or other identifiers in a manual process that could take three to five minutes per bulb. Multiply that by 1,000 light bulbs and by potentially many thousands of other devices, and that’s a big resource drain. Here are some better ideas…

Biometrics and blockchains: Why identity matters (CSO Online, Oct 09 2017)
Soon after the release of the Bitcoin protocol, many people realized that blockchain transactions can house more than just “coin” transfers – they could represent birth certificates, property deeds, academic credentials, etc. They could be used to record almost anything so that the information attached to a transaction (e.g., via OP_RETURN operands) was highly available, decentralized and tamper-evident.

Replacing Social Security Numbers (Schneier on Security, Oct 05 2017)
In the wake of the Equifax break, I’ve heard calls to replace Social Security numbers. Steve Bellovin explains why this is hard…




PostgreSQL says SCRAM to MD5 authentication (The Register, Oct 09 2017)
With the release of PostgreSQL 10, the open source database’s developers are farewelling the deprecated MD5 in their authentication mechanism.

Deloitte: would two-factor authentication really have helped? (TEISS, Oct 09 2017)
The misuse of administrator credentials in the recent Deloitte incident is strong affirmation that identity and authentication should be at the centre of enterprise information security discussions.

Changes in Password Best Practices (Schneier on Security, Oct 10 2017)
1. Stop it with the annoying password complexity rules. They make passwords harder to remember. They increase errors because artificially complex passwords are harder to type in. And they don’t help that much. It’s better to allow people to use pass phrases.
2. Stop it with password expiration. That was an old idea for an old way we used computers. Today, don’t make people change their passwords unless there’s indication of compromise.
3. Let people use password managers. This is how we deal with all the passwords we need.

Authentication Heralds A Trust Revolution In Security (Forbes, Oct 10 2017)
The industry must lay a new foundation of trust for administrators and end users alike. The time has come to flip the security challenge on its head and to look at the credentials-breach issue from the inside out.

Equifax Hackers Stole Info on 693,665 UK Residents (Krebs on Security, Oct 10 2017)
Equifax Inc. said an investigation into information stolen in the epic data breach the company disclosed on Sept. 7 revealed that intruders took a file containing 15.2 million UK records. The company says it is now working to inform 693,665 U.K. consumers whose data was stolen in the attack.

Infographic: The Credit Card Data Breach Lifecycle (BioCatch Blog, Oct 07 2017)
When a data breach occurs, fraudsters work fast to put the stolen information to nefarious use, while card issuers and consumers begin to take action to protect against further damage.

The Gartner 2018 IAM Planning Guide Is Here! (Gartner Blog Network, Oct 05 2017)
“Each trend has a Planning Considerations section, where we provide guidance for 2018. Here they are:
1. Dependencies Among Multiple IAM Providers Will Introduce Availability Challenges
2. More Cloud Identities Will Need Access to On-Premises Applications
3. Expanded Use of IaaS Will Require Much Stronger IAM Governance
4. Analytics Will Help Organizations Keep Up With the Pace of Digital Change”

Cool, Creepy or Dangerous? 5 Key Lessons from the IAPP ANZ Summit (ForgeRock, Oct 09 2017)
Privacy and the “creepy line” were hot topics of discussion last week at the International Association of Privacy Professionals (IAPP) ANZ Summit held in Sydney.

Making the Multifactor Authentication Transition: 3 User Access Management Considerations (Okta blogs, Oct 05 2017)
With Adaptive MFA, you have plenty of options for how to authenticate identity. That means you can choose the methods that will be quickest, easiest and most secure for the employees using them. Does your team do a lot of work on the road?

Cybercrime and the Internet of Things: The Need for Digital Identities (ThreatMetrix, Oct 11 2017)
ThreatMetrix rolls out ThreatMetrix ID, which works behind the scenes to connect the dots between individuals, their devices, email addresses, phone numbers, payment cards, ship-to details, IP addresses, transaction details and hundreds of other dynamic attributes spanning online and offline worlds.