Identity and access management
Identity is often considered the perimeter in infosec, especially as traditional enterprise perimeters dissolve. Identity and access management is critical to maintain data security. From passwords to multifactor authentication, SSO to biometrics, get the latest advice on IAM here.
Top Stories
-
Tip
16 Oct 2025
How to create a digital signature in Adobe, Preview or Word
Business executives can use different tools and methods to get digital signatures to close deals, but some important security features should also be considered.
-
Tip
08 Oct 2025
Test conditional access with Microsoft Entra ID What If tool
Admins should employ regular use of this simulation tool to ensure conditional access policies have no conflicts and avoid access problems that can slow down users.
By- Liam Cleary, SharePlicity
-
Opinion
07 Oct 2025
Identity security tool sprawl: Origins and the way forward
From IGA to ITDR, identity teams juggle diverse security functions. Explore how tool proliferation affects operations and consolidation strategies.
By- Todd Thiemann, Principal Analyst
-
Tip
02 Sep 2025
An introduction to AWS IAM and security best practices
With AI threats rising and machine identities outnumbering humans 82-to-1, discover how AWS IAM's authentication and authorization framework safeguards your cloud resources.
By- Stephen J. Bigelow, Senior Technology Editor
- Kathleen Casey, Site Editor
-
Opinion
20 Aug 2025
Identity and data security themes at Black Hat 2025
Read about the identity and data security happenings at Black Hat 2025, including advancements that enable AI adoption and products that help prepare for a post-quantum world.
By- Todd Thiemann, Principal Analyst
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
Tip
14 Aug 2025
How to remove digital signatures from a PDF
Digital signatures let organizations execute and secure agreements, but users can remove them if they need to reformat documents or protect signers' privacy.
-
Tip
11 Aug 2025
A practical guide to PATs in Azure DevOps
In the rapidly evolving DevOps landscape, understanding how and when to use PATs empowers users to build flexible, secure and reliable automation strategies.
-
Feature
08 Aug 2025
Experts weigh in on securing AI effectively
Using AI comes with security risks. Learn what the top attack vectors and privacy threats are, then discover how to mitigate them through proper strategy, monitoring and more.
By- Brenda L. Horrigan, Executive Managing Editor
-
Tip
06 Aug 2025
Understanding Android certificate management
Discover how to effectively manage digital certificates on Android devices, including installation methods, EMM tools and best practices for enterprise security.
-
Video
05 Aug 2025
AI security: Top experts weigh in on the why and how
AI is everywhere, so security focus on this new technology is essential. In this podcast episode, three top security experts review the risks and discuss ways to mitigate them.
-
Tip
31 Jul 2025
How liveness detection catches deepfakes and spoofing attacks
Biometric liveness detection can stop fake users in their tracks. Learn how the technology works to distinguish real humans from deepfakes and other spoofing attacks.
By- Karen Scarfone, Scarfone Cybersecurity
-
Definition
18 Jul 2025
What is biometric authentication?
Biometric authentication is a security process that relies on the unique biological characteristics of individuals to verify their identity.
By- Kinza Yasar, Technical Writer
- Cameron Hashemi-Pour, Former Site Editor
-
Video
17 Jul 2025
An explanation of identity and access management
Identity and access management systems safeguard businesses by controlling digital identities, managing access rights and implementing security protocols.
By- Tommy Everson, Assistant Editor
- Sharon Shea, Executive Editor
-
Feature
08 Jul 2025
How to implement zero trust: 7 expert steps
Zero trust means a lot more than determining how users access resources. Successful implementation takes time, commitment and ongoing support.
By- Karen Scarfone, Scarfone Cybersecurity
- Alissa Irei, Senior Site Editor
-
Definition
02 Jul 2025
What is a message authentication code (MAC)? How it works and best practices
A message authentication code (MAC) is a cryptographic checksum applied to a message to guarantee its integrity and authenticity.
By- Alexander S. Gillis, Technical Writer and Editor
- Robert Sheldon
-
Definition
02 Jul 2025
What is the principle of least privilege (POLP)?
The principle of least privilege (POLP) is a concept in computer security that limits users' access rights to only what is strictly required to do their jobs.
By- Kinza Yasar, Technical Writer
- Alexander S. Gillis, Technical Writer and Editor
-
Definition
27 Jun 2025
What is phishing? Understanding enterprise phishing threats
Phishing is a fraudulent practice in which an attacker masquerades as a reputable entity or person to trick users into revealing sensitive information.
By- Kinza Yasar, Technical Writer
- Alexander S. Gillis, Technical Writer and Editor
-
Tip
27 Jun 2025
Cybersecurity skills gap: Why it exists and how to address it
The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem.
By- Karen Scarfone, Scarfone Cybersecurity
-
Opinion
26 Jun 2025
Top identity security themes at Identiverse 2025
Identiverse 2025 found security pros tackling nonhuman identity risks, preparing for agentic AI challenges and shifting from homegrown to commercial CIAM tools.
By- Todd Thiemann, Principal Analyst
-
Guest Post
25 Jun 2025
Authorization sprawl: Attacking modern access models
Attackers exploit authorization sprawl by using legitimate credentials and SSO tokens to move between systems, bypassing security controls and deploying ransomware undetected.
By- Joshua Wright, SANS Institute
-
Definition
25 Jun 2025
What is Single Sign-On (SSO)? Definition, How It Works & Benefits
Single sign-on (SSO) is a session and user authentication service that lets users access multiple applications or systems with a single set of login credentials.
By- Kinza Yasar, Technical Writer
- Taina Teravainen
-
Tip
25 Jun 2025
10 remote work cybersecurity risks and how to prevent them
Larger attack surfaces, limited oversight of data use, AI-driven attacks and vulnerable enterprise technologies are among the security risks faced in remote work environments.
-
Tip
24 Jun 2025
Cybersecurity governance: A guide for businesses to follow
Cybersecurity governance is now critical, with NIST CSF 2.0 recently adding it as a dedicated function. Learn why governance is core to an effective cyber strategy.
By- Karen Scarfone, Scarfone Cybersecurity
-
Tip
24 Jun 2025
Multifactor authentication: 5 examples and strategic use cases
Before implementing MFA, conduct a careful study to determine which security factors offer the strongest protection. Passwords and PINs aren't cutting it any longer.
By- Karen Scarfone, Scarfone Cybersecurity
-
Feature
20 Jun 2025
What executives must know about nation-state threat actors
Nation-state threat actors like Russia, China, Iran and North Korea are targeting critical infrastructure and sensitive data, so executives must prepare to defend against them.
By- Madeleine Streets, Senior content manager
-
Tip
17 Jun 2025
How to set up Windows Hello for Business, step by step
Licensing for Windows Hello for Business is a simple process, but the setup involves making several decisions, including how to host the service, authentication types and more.
By- Peter van der Woude, InSpark
-
Feature
16 Jun 2025
3 leading multifactor authentication tool providers
Compare top MFA providers Cisco, Okta and Ping Identity. Learn product features and pricing tiers, and get advice on selecting a product for your organization's security needs.
By- Karen Scarfone, Scarfone Cybersecurity
-
Tutorial
16 Jun 2025
Hydra password-cracking tool: How to download and use it for good
Ethical hackers, need help brute forcing passwords? Learn how to download and use the open source Hydra password-cracking tool with this step-by-step tutorial and companion video.
By- Ed Moyle, SecurityCurve
-
Definition
16 Jun 2025
What is HMAC (Hash-Based Message Authentication Code)?
Hash-based message authentication code (HMAC) is a message encryption method that uses a cryptographic key with a hash function.
By- Scott Robinson, New Era Technology
- Rahul Awati
-
Tip
10 Jun 2025
Enumeration attacks: What they are and how to prevent them
User and network enumeration attacks help adversaries plan strong attack campaigns. Prevent them with MFA, rate limiting, CAPTCHA, secure code and more.
By- Ravi Das, ML Tech Inc.
-
Tip
10 Jun 2025
How to calculate Windows Hello for Business cost
Just how much does Windows Hello for Business cost? It's not exactly a simple answer, but the good news is that there are lots of ways to attain a license.
-
Definition
10 Jun 2025
What is Cisco ISE?
Cisco Identity Services Engine (ISE) is a security policy management platform that provides secure network access to end users and devices.
By- Rahul Awati
- Alexander S. Gillis, Technical Writer and Editor
-
Tip
09 Jun 2025
Fix Active Directory account lockouts with PowerShell
Entering the wrong credentials so many times can block users from logging in. This tutorial explains how to find and correct these issues and other lockout events.
-
Feature
06 Jun 2025
Why identity is the new perimeter – and how to defend it
Identity has replaced network boundaries as today's security perimeter. Organizations must focus on protecting digital identities to safeguard their assets.
-
Tip
06 Jun 2025
How to navigate the Windows Hello for Business requirements
While Windows Hello is easy to set up on the user level, Windows Hello for Business needs a bit more back-end legwork to meet the infrastructure and licensing requirements.
-
Definition
06 Jun 2025
What is cyber extortion?
Cyber extortion is a crime involving an attack or threat of an attack, coupled with a demand for money or some other response, in return for stopping an attack or preventing one from happening.
By- Alexander S. Gillis, Technical Writer and Editor
- Kinza Yasar, Technical Writer
-
Tip
03 Jun 2025
Account lockout policy: Setup and best practices explained
Organizations must carefully balance security and UX when implementing account lockout policies.
By- Karen Scarfone, Scarfone Cybersecurity
- Definition 02 Jun 2025