The U.S. Army’s wearable authentication tokens intended for the tactical environment could be used for nontactical purposes, such as accessing strategic-level systems, enterprise networks and medical ...

VeriSign has released VIP (VeriSign Identity Protection) Access for Mobile (iTunes Link), a free app that lets you supplement typical user Web site log-ins with an extra, cryptographically strong ID ...

An advisory from the U.S. National Security Agency provides Microsoft Azure administrators guidance to detect and protect against threat actors looking to access resources in the cloud by forging ...

Joel Snyder, Ph.D., is a senior IT consultant with 30 years of practice. An internationally recognized expert in the areas of security, messaging and networks, Dr. Snyder is a popular speaker and ...

Microsoft Teams stores authentication tokens in unencrypted plaintext mode, allowing attackers to potentially control communications within an organization, according to the security firm Vectra. The ...

AiTM attacks don't steal passwords; they copy the result of a real login. You need to watch what happens after the user logs in to catch a hijacked session.

A disturbing new report finds that three-quarters of mobile applications analyzed contained valid Amazon Web Services Inc. access tokens that allowed access to private AWS cloud services. The findings ...

Application providers charge fees to implement single sign-on but don't deliver a full SSO experience. Threat actors are taking advantage of the situation. We hate asking an organization we are ...

Authenticating users who log onto your network by account name and password only is the simplest and cheapest (and thus still the most popular) means of authentication. However, companies are ...