20.7.2017

Bypassing Common Two-Factor Solutions

By Otto Sulin

A Primer on Two-Factor Authentication

Two-factor authentication (2FA) is the security feature everyone knows. Any worthwhile security expert takes the opportunity to remind an organization or individual that they should enable two-factor authentication to their services.

But let's trace back a bit. So what does two-factor authentication actually mean? There are three general types of authentication:

Read more
13.3.2017

Why complicate things? Just ask to enter!

By Chris van den Hooven (en)

The easiest way to get what you want is to ask. Want access? Ask if you can go inside! You can also come up with a trick, bribe somebody or break in. When you want to keep out uninvited guests, then you have to look further than your resistance against burglary. Making the supermarket burglary proof does not keep out the shoplifter.

Read more
30.11.2016

How to cope with digital identities - Migrating from RBAC to ABAC (part 4)

By André Koot

Show me a role and I’ll show you an attribute

Read more
9.11.2016

When user management gets in the way of spending

By Mikko Nurmi

Cart abandonment has been exhaustively studied. Several studies conducted over the last ten years shows that the average cart abandonment rate is as high as 69 percent. To see how many euros never leave your customers' pocket, multiply this number with the average value of your cart.

Read more
1.11.2016

How to cope with digital identities - Migrating from RBAC to ABAC (part 3)

By André Koot

This is the third blog in the series on the migration of Role Based Access Control to Attribute Based Access Control. In Part 1, I described that in my view RBAC should be considered end-of-life and in Part 2, I described that migration can take place in phases, by first applying a form of hybrid ABAC.

Read more
25.10.2016

Qvarn, Nixu, Gluu and Yubico to jointly demonstrate secure “mobile handshake” at Nordic IT Security Conference on 26 October 2016 in Stockholm

By Eetu Simpanen

At the Nordic IT Security Conference in Stockholm, Sweden on 26 October 2016, the partners behind the award-winning, free and open-source Qvarn Platform will jointly demonstrate how a mobile phone can be used together with a Yubikey USB authentication device for secure personal identification. With this physical “mobile handshake,” people can digitally authenticate their identity both online and at physical locations – for secure access to person registers, workplaces and other domains.

Read more
3.10.2016

How to cope with digital identities - Migrating from RBAC to ABAC (Part 1)

By André Koot

A long time ago I wrote the following statement on my LinkedIn profile: "RBAC is EOL". And in my not so youthful overconfidence I mentioned this during an intake with a potential customer, who asked me how they could introduce Role Based Access Control (RBAC) as conveniently as possible. That talk never materialized into an assignment…

Read more
1.7.2016

Your customer experience needs easy authentication

By Joonatan Henriksson
I just activated the Google app authentication on my Google account. First attempt on login failed which was a bit annoying, but second one was already successful (even Google might not get things right the first time it seems ;-). 
 
Read more
1.7.2016

Asiakaskokemuksesi vaatii helpon käyttäjätunnistuksen

By Joonatan Henriksson

Aktivoin juuri Google tiliini mobiilisovellustunnistamisen. Ensimmäinen kirjautumisyritys harmikseni epäonnistui, mutta toinen yritys oli onnistunut (Googlekaan ei nähtävästi saa kaikkea kerralla oikein ;-).

Read more

Pages

Subscribe to Identity and Access Management (IAM)