Let’s Hope It Works *This* Time

Well, this is a big one for the identity industry. Two stalwarts becoming one. >> Thoma Bravo Completes Acquisition of ForgeRock; Combines ForgeRock into Ping Identity As someone who was there and in the thick of it during the last big merger of identity players, I wish all my (too many to tag) friends at

The Burden We Bear

Dealing with privacy issues isn’t as simple as the tech (and all too often the security) industry thinks. There are some real challenges and ethical conundrums to deal with, and we ignore the reality of the society into which our products are going at our own peril. We are seeing this happen full force right

The Design of Trustworthy Things

With this years Identiverse just over a month away (and the deadline to get the draft of my talk this year swiftly approaching), I was reminded that I never got around to sharing video of the keynote I gave at last years conference. It was very kind and a tremendous vote of confidence in me

Helping Your People to Safely Work From Home With REL-ID WFH

“May you live in interesting times”– someone who clearly had a sardonic streak I’d call the time we’re living in right now more than just interesting. The COVID-19 pandemic has hit every organization like a ton of bricks, and we’re all struggling to adapt. Obviously one of the biggest challenges has been the need for

Hu: The Missing Element

Below you can find a version of the talk that I just gave at the European Identity Conference and at Identiverse talking about what I consider to be the missing element in Identity Management. Seems the curse that the A/V gods put on me at last years Cloud Identity Summit survived the conference rebranding, as

Will GDPR Kill Risk-Based Authentication?

No, I’m not declaring another thing in identity management dead. Instead, I’d like you to join me in exploring something that has been bugging me quite a bit lately. Risk-based Authentication can cover a spectrum of capabilities, but most generically it is a passive authentication factor that tries to measure the risk of a particular

Securing Our Biometrics-Based Future

The last few years have seen an uptick in efforts to use biometrics more widely in authentication, most notably driven by the consumerization effect of Apple introducing Touch ID and Face ID. But this could be the (strong) nudge that was needed to push it over the edge. Mastercard just announced that all issuers of

My Next Gig: Delivering the Identity-Defined Perimeter with Uniken

Back in 2013, I opened my ‘Hitchhikers Guide to Identity’ talk with the following slide. As an industry, we’ve come a long way since then. Multi-factor Authentication is mainstream, as is Paul Madsen’s t-shirt contest at CIS. Most companies are no longer debating whether their security can be entrusted to cloud-based solutions, as IDaaS solutions

Invisible Identity, or How to Delight People & Secure Users

So I waited patiently for the folks at the Cloud Identity Summit to publish on their Youtube channel the talk I gave earlier this year on Invisible Identity. But it never came. Turns out that a few session recordings got messed up, and unfortunately mine was among them. I sense Paul Madsen’s hand in this.

Doing 2FA Better Could Mean Using Social Factors

In my last post regarding weaknesses in how 2FA is implemented in the systems we rely on to secure us, I teased a thought that had occurred to me in going through the analysis I presented in the post. As usual, life intervened to distract me, but this recent post by Coinbase sharing their experience of