Category: Insight IdM

Ethics vs Human-Centered Design in Identity

It was really nice of Elizabeth Garber to acknowledge me in the whitepaper that she co-authored with Mark Haine titled “Human-Centric Digital Identity: for Government Officials”. I recommend everyone read it, even if you aren’t in government, as it is a very strong and considerate effort to try and tackle a broad, complicated, but important

And Just Like That, He’s Gone

Writing this post is hard, because the emotions are still fresh and very raw. In so many ways, I feel like I was only just beginning to know Vittorio Luigi Bertocci. Of course, we all feel like we “know” him, because he has always been a larger-than-life character operating at the very forefront of our

Let’s Hope It Works *This* Time

Well, this is a big one for the identity industry. Two stalwarts becoming one: “Thoma Bravo Completes Acquisition of ForgeRock; Combines ForgeRock into Ping Identity”. As someone who was there and in the thick of it during the last big merger of identity players, I wish all my (too many to tag) friends at

The Design of Trustworthy Things

With this year's Identiverse just over a month away (and the deadline to get the draft of my talk this year swiftly approaching), I was reminded that I never got around to sharing video of the keynote I gave at last year's conference. It was very kind and a tremendous vote of confidence in me

Hu: The Missing Element

Below you can find a version of the talk that I just gave at the European Identity Conference and at Identiverse talking about what I consider to be the missing element in Identity Management. Seems the curse that the A/V gods put on me at last year's Cloud Identity Summit survived the conference rebranding, as

Will GDPR Kill Risk-Based Authentication?

No, I’m not declaring another thing in identity management dead. Instead, I’d like you to join me in exploring something that has been bugging me quite a bit lately. Risk-based Authentication can cover a spectrum of capabilities, but most generically it is a passive authentication factor that tries to measure the risk of a particular

Securing Our Biometrics-Based Future

The last few years have seen an uptick in efforts to use biometrics more widely in authentication, most notably driven by the consumerization effect of Apple introducing Touch ID and Face ID. But this could be the (strong) nudge that was needed to push it over the edge. Mastercard just announced that all issuers of

My Next Gig: Delivering the Identity-Defined Perimeter with Uniken

Back in 2013, I opened my ‘Hitchhikers Guide to Identity’ talk with the following slide. As an industry, we’ve come a long way since then. Multi-factor Authentication is mainstream, as is Paul Madsen’s t-shirt contest at CIS. Most companies are no longer debating whether their security can be entrusted to cloud-based solutions, as IDaaS solutions

Invisible Identity, or How to Delight People & Secure Users

So I waited patiently for the folks at the Cloud Identity Summit to publish on their YouTube channel the talk I gave earlier this year on Invisible Identity. But it never came. Turns out that a few session recordings got messed up, and unfortunately mine was among them. I sense Paul Madsen’s hand in this.

Doing 2FA Better Could Mean Using Social Factors

In my last post regarding weaknesses in how 2FA is implemented in the systems we rely on to secure us, I teased a thought that had occurred to me in going through the analysis I presented in the post. As usual, life intervened to distract me, but this recent post by Coinbase sharing their experience of