Tag: Authentication Services

Doing 2FA Better Could Mean Using Social Factors

In my last post regarding weaknesses in how 2FA is implemented in the systems we rely on to secure us, I teased a thought that had occurred to me in going through the analysis I presented in the post. As usual, life intervened to distract me, but this recent post by Coinbase sharing their experience of

Doing 2FA Correctly Requires More Than 2 Factors

Two Factor Authentication (or 2FA) has been in the news a lot recently. There was the kerfuffle over NIST putting into their update of 800-63 that SMS-based 2FA is insufficiently secure and should be deprecated (something most security experts agree on). That update (still in draft) came too late for the Social Security Administration (SSA),

Conflation or Confusion? You Decide

RWW Enterprise just covered the latest update of PingFederate in an article titled It’s PingFederate 6.6 Versus “Identity as a Service”. I couldn’t pass up the opportunity to comment on some details that made me cringe, so naturally this blog post was born. Please note that this is not about PingFederate in specific, a product

Cardspace and the KISS Principle

(My original title for this post was “Cardspace, We Hardly Knew Thee”, but Dave Kearns stole that by a nose). RSA is not the best conference for identity related news and topics, but there were more than a few interesting story lines that emerged last week (and no, I am not referring to what went

The ‘x’ in xAuth stands for…

…xhausting! OK! So being at a conference (Cloud Computing Expo in NYC, where Oracle is making big waves with announcements in the PaaS space) where I had no wi-fi or power meant that I was trying to follow the big xAuth announcement via Twitter on my iPhone over 3G – note exactly the easiest thing.