Meeting the DFARS MFA Requirements—What You Need to Know

As we noted in two previous blog posts, the deadline for complying with the Defense Federal Acquisition Regulation Supplement (DFARS) data security requirements is Dec 31, 2017.

In one post, we explained the basics of the DFARS data security rules, and in the other we explored the “14 families” of security measures outlined in National Institute for Standards and Technology Special Publication 800-171 (NIST SP 800-171). 

Read More

How to Overcome the Security Hate Factor when Implementing MFA

While best practice security policies and technology help to better secure an enterprise’s critical systems and data,  the added disruption, inconvenience, and effort required by this stepped-up security often create real headaches and bad feelings toward the new policies and technologies.

This is described as a “general hatred of security,” by Mike Pinch, the chief information security officer at University of Rochester Medical Center (URMC), in a presentation to the URMC Security Council.

Read More

University Security: Implications of BYOD Policies - Part 2

Bring-your-own-device (BYOD) policies are now a necessity for universities and colleges across the country. In Part 1 of this series, we covered the positives and negatives of BYOD, as well as the security implications of such policies. In this post, we’ll go over how to easily implement secure BYOD using a modern identity and access management (IAM) platform.

Read More

Why Are Flexible Authentication Policies Important in Today's Environment?

Gone are the days of your employees working a standard nine to five from within company walls. Today, employees often work remotely—from different devices and at all hours of the day.

Read More

Why SMS 2-Step Verification Won’t Keep You Safe

If you’re active with any online service, then you have probably gone through the process of SMS two-step verification, in which a company or app texts a one-time code to your phone as a way to verify you are who you say you are in order to access the service or reset a password. But have you ever stopped to consider how secure this method truly is?

Read More

What Is Risk-Based Authentication?

As businesses onboard more mobile and remote employees, partners, contractors, and other external users, the volume of people needing access to critical systems and data grows exponentially. And while this increased connectivity provides tremendous operational and productivity benefits, it also creates new attack vectors for intruders and cybercriminals.

Read More

Enterprise Password Management: Mandatory Changes Out and MFA In

In enterprises around the globe, it’s becoming increasingly clear that implementing mandatory password changes is no longer considered best practice for securing key systems and data.

Of course, we’ve long known that passwords are a weak link in the security chain. Eighty percent of hacking-related breaches in 2017 leveraged either stolen passwords and/or weak or guessable passwords, according to the latest Verizon Data Breach Investigations Report.

Read More

Identity Management Best Practices: Start with the Basics

Another year, another Verizon Data Breach Investigations Report (DBIR), another depressing look into the state of global cybersecurity preparedness.  

Read More

Research Shows It Only Takes 9 Minutes Before Stolen Information Is Purchased & Used

What happens when stolen personally identifiable information (PII) is made public? Recently, the Federal Trade Commission (FTC) attempted to answer this question by designing and conducting a study to track the use of stolen information.

Read More

6 Guiding Principles for Selecting a Multi Factor Authentication Solution - MFA 101, Part 3


Now that we’ve
built a base knowledge of multi factor authentication (MFA) and discussed the reasons why your organization might need and benefit from it, it’s time to talk about what to take into consideration when selecting and implementing an MFA solution.

Read More

Subscribe Here!