A Primer on Two-Factor Authentication
Two-factor authentication (2FA) is the security feature everyone knows. Any worthwhile security expert takes the opportunity to remind an organization or individual that they should enable two-factor authentication for their services.
But let's trace back a bit. So what does two-factor authentication actually mean? There are three general types of authentication:
The easiest way to get what you want is to ask. Want access? Ask if you can go inside! You can also come up with a trick, bribe somebody or break in. When you want to keep out uninvited guests, you have to look further than your resistance against burglary. Making the supermarket burglary-proof does not keep out the shoplifter.
Show me a role and I’ll show you an attribute
Cart abandonment has been exhaustively studied. Several studies conducted over the last ten years show that the average cart abandonment rate is as high as 69 percent. To see how many euros never leave your customers' pockets, multiply this number by the average value of your cart.
This is the third blog in the series on the migration of Role Based Access Control to Attribute Based Access Control. In Part 1, I described that in my view RBAC should be considered end-of-life and in Part 2, I described that migration can take place in phases, by first applying a form of hybrid ABAC.
Qvarn, Nixu, Gluu and Yubico to jointly demonstrate secure “mobile handshake” at Nordic IT Security Conference on 26 October 2016 in Stockholm
At the Nordic IT Security Conference in Stockholm, Sweden on 26 October 2016, the partners behind the award-winning, free and open-source Qvarn Platform will jointly demonstrate how a mobile phone can be used together with a Yubikey USB authentication device for secure personal identification. With this physical “mobile handshake,” people can digitally authenticate their identity both online and at physical locations – for secure access to person registers, workplaces and other domains.
Access control fundamentals
A long time ago I wrote the following statement on my LinkedIn profile: "RBAC is EOL". And in my not so youthful overconfidence I mentioned this during an intake with a potential customer, who asked me how they could introduce Role Based Access Control (RBAC) as conveniently as possible. That talk never materialized into an assignment…
I just enabled mobile app authentication on my Google account. To my annoyance, the first login attempt failed, but the second attempt succeeded (apparently even Google doesn't get everything right the first time ;-).