01.27.2016 - Why You Need TOTP
Static Passwords Alone, Are A Thing of the Past. Gone are the days where a username and password alone are secure enough for an organizations sensitive data.Static passwords can easily be cracked or stolen, leaving your sensitive information vulnerable to hackers or unauthorized users. The worst part about that is you don’t even know that a password has been compromised until it’s too late. Vulnerabilities can even create headaches for managers as the weak authentication can leave users unaccountable for their actions. Another issue with static passwords is, let’s be honest, it’s hard to remember all the different passwords you have for all of the different accounts that you need to access. Forgotten passwords create not only a hassle for you, but also a lot of extra time wasted by your helpdesk or IT department that should be spent on more important issues. ...
01.18.2016 - Kerberos, The Three Headed Dog of Identity
01.5.2016 - It’s So Meta (data)
One of the key enabling technologies in Federation is Metadata. In the early days of SAML (yes there was a SAML 1.0) one of the more difficult aspects of setting up a federation relationship was exchanging signing certificates and unique identifiers. This often involved emailing public certificates and URNs back and forth, and in some cases, multiple times. In SAML 2 the problem got even worse because in addition to the sign on endpoints from SAML 1.0, there were now sign off endpoints to consider as well as more bindings. ...