Recent public discussion of FIDO and digital certificates reveals details of Microsoft's approach to consumer digital authentication.
We look back at the continued erosion of reliable online identity, including deep fakes, celebrity phishing, AI-generated art and Twitter blue check marks.
We explore why the Twitter blue check marks failed and the challenges in authenticating and vouching for the identity of an individual or organization.
We explore out-of-band phone calling as an MFA method, including what attacks it defends against successfully and what attacks can circumvent it.
A new attack allows cloning of the Google Titan secure key. We describe this attack and its implications for Titan and other secure keys.
In 2020 COVID-19 changed the way we work. Our hosts discuss the effect on employee access, Zero Trust, retail IT, immunity passports, and more.
In our ongoing examination of MFA, we examine authentication through soft-token OTP (one-time passcode) and compare it to SMS tokens and hard tokens.
We discuss the weaknesses of passwords and why they nonetheless are still common. We describe the roadmap for weeding out passwords from most systems.
Hard tokens are an old multi-factor authentication (MFA) form factor, still in use today. We examine the strengths and weaknesses of hard tokens.
A discussion of passwordless authentication and access for Apple platforms (with Joel Rennich of Jamf).
How do digital identity and certificates fit into the SASE (Secure Access Service Edge) paradigm?
This white paper by Enterprise Security Group examines how PKI fits into and enables your zero-trust strategy.