The dictionary definition of trust, according to Merriam-Webster, is the “assured reliance on the … truth of someone or something.” In today’s digital world, trust can be a tricky concept. To do business online, whether you are a bank, retailer, insurer, airline or anything else, you must have some degree of trust in your user — trust

Identity authentication is absolutely necessary to conducting our affairs today. Without it, we would lose virtually all confidence to conduct business or create and foster relationships. But with ever increasing concerns related to data privacy, it is worth looking at the past to see what future challenges we may face in the digital identity space. From Jew

Or perhaps I should have asked, “Can we ever get rid of passwords for good?” The security world knows passwords are a problem. Products ship with default passwords that are never changed. People reuse old passwords or adopt easy-to-guess passwords that hackers easily defeat via brute force. Or users simply can’t keep up with having to re

As we approach the holiday season, both consumers and IT professionals are considering replacing their old devices with a whole new lineup of smartphones, phablets and tablets. Whether you’re treating yourself, adding to your wish list or considering options for your next enterprise rollout, it’s important to weigh the pros and cons of introducin

Introduction Out of the five main information security pillars, namely confidentiality, integrity, availability, authenticity and irrefutability, common users give more attention to the first one. But in real life even though in general people agree with the importance of backup, not many actually implement this security mechanism. What one says and what one

APNIC Deputy Director General Sanjaya confirmed that Whois data were accidentally exposed online included authentication details. The Asia-Pacific Network Information Centre (APNIC) is a non-profit organization that provides Internet addressing services in the Asia-Pacific region. The APNIC made the headlines because it was informed about a Whois-related sec

Since it first appeared in 2009, the bitcoin network has grown significantly. The digital currency’s recent surge in value has sparked discussions within the security space about the benefits of blockchain, a technology that promotes the type of trust that is sorely lacking in some digital transactions. Today, people are exchanging real money for cryp

Researchers at RIPS Technologies discovered a login page vulnerability affecting Joomla versions between 1.5 and 3.7.5 that exposes admin credentials. Experts at RIPS Technologies discovered a login page flaw affecting Joomla versions between 1.5 and 3.7.5 that exposes admin credentials. The flaw affects Joomla installs when using Lightweight Directory Acces

Have we been creating passwords the wrong way all along? You might think so, based on the new set of guidelines the National Institute of Standards and Technology (NIST) recently issued about the best password practices. NIST Special Publication 800-63 is a comprehensive guide to managing digital identity, and its recommendations are widely adopted by organi

As public administrators have learned, efficiency in government is largely a matter of executing the small things well. A saved mailing expense or avoided delay can add up to a lot more work for a lot less tax money, which is one practical definition of good government in action. One example of this process is a current U.S. Census Bureau initiative to imple

Over the past few months, we have seen widespread attacks such as NotPetya and WannaCry cripple organizations at record scale and speed, either for monetary gain or with the sole purpose of causing destruction. In their wake, many professionals are assessing what these new threats mean for their security strategies, infrastructures and policies. As a point o

The anonymous CynoSure Prime ‘cracktivists” reversed 320 million hashed passwords dumped to the popular researcher Troy Hunt. The anonymous CynoSure Prime ‘cracktivists” is back and reversed 320 million hashed passwords dumped to the popular researcher Troy Hunt. Two years ago the CynoSure Prime group reversed hashes of 11 million lea

Digital security certificates have become a vital part of online communications. Combining cryptography with a standardized format, they have grown from simple assertions of identity to full authentication methods. But as important as they have become, security certificates remain fallible. More Certificates, More Problems According to a Venafi study, 79 pe

PostgreSQL has issued three security patches for 9.6.4, 9.5.8, 9.4.13, 9.3.18, and 9.2.22 versions. Update them as soon as possible. PostgreSQL has issued three security patches for 9.6.4, 9.5.8, 9.4.13, 9.3.18, and 9.2.22 versions. “The PostgreSQL Global Development Group is pleased to announce the availability of PostgreSQL 10 Beta 3 and updates to a

Remote authentication traditionally depends on two factors: something the user knows, such as a password, and something the user has, such as a hardware token. This is called two-factor authentication (2FA). In practice, something that the entity knows typically serves as the primary method of authentication. Passwords have long reigned supreme because the