Motherboard reported on a Yet Another Gaping Security Whole in using mobile phone numbers for authentication. The headline put it very succinctly: A Hacker Got All My Texts for $16. [...]

Public Key Infrastructure (PKI) authentication is the most secure and reliable way to prove online identity, but it is rarely used by consumers.  There are three main obstacle to using [...]

The Center for Internet Security just updated their Password Policy Guide as a template for organizations to use as their own. The CIS announcement start out with at this seemingly [...]

Email addresses and usernames are used as proxies for identity when creating the userID for a service.  These are intended to be anchors in the service's user table; persistent, stable, [...]

Authentication is frequently confused with Access and Identity Management.  These concepts are often used interchangeably because  most existing authentication schemes were designed with the hierarchical, paternalistic mindset of traditional senior [...]

USA Today featured an excellent piece on underscoring the absurdity of our current acceptance of dense legal Terms of Service and Privacy Policies. @Jguynn succinctly summarize the status quo, “I have [...]

Companies wanting to improve user security have frequently turned to 2nd Factor Authentication. Authentication is commonly viewed as confirming one of 5 factors; 2nd factor authentication simply means relying on [...]