I can’t put it better than exabrial, who sums up with this call to action to remove it: "It's not better than nothing, it's worse than nothing."
Developers can move into a passwordless future in which devices manage keys and authentication can be completed easily and on demand. Here's how.
Stop using SMS, robocalls, or CallerID for authentication or identification: It’s not secure—and it never has been.
It’s time to admit that the one-way security workflow model is broken, and periodic access review is insufficient. Here's why.
Today's cloud security concerns are more about threats further up the stack, like configuration and authentication. Here's what your team should know.
A well-managed identity and access management program can turn security reviews into a welcome collaboration instead of just more work. Here's how.
Two new bugs—now fixed—show how single sign-on systems can fall prey to attackers. Here's what went wrong, and what you can learn from it.
The move to SaaS has simplified single sign-on. But corporate infrastructure is not any simpler. Here are five SSO recommendations for the enterprise.
User and entity behavioral analytics tools let you detect unusual credential usage that could represent misuse, and respond accordingly.
Envision a single administrative console, one audit report for compliance, and a centralized enforcement. Extending Active Directory is key.