IAM Best Practices to Reduce Your Attack Surface

When I read the 2017 Verizon data breach report, I couldn’t help but notice that it would be relatively easy to reduce an attack surface by implementing a few best practices. Granted, that might mean you will need to spend some money, but considering that a breach could cost you $15 million or more, according to Ponemon, and considering that 81% of breaches involve a weak or stolen password, wouldn’t it make sense to spend your money where it has the most impact? Organizations need to reduce their attack surface! Now, before I share tips provided by Verizon and Centrify on how you…

How Can User Behavior Analytics Kill the Password?

Last time, I wrote about adaptive authentication and briefly touched on behavior analytics being an integral part of adaptive authentication. For true behavior analytics, you need some smart AI-powered multi-factor authentication (MFA). Now, if you think about it and put the pieces of the puzzle together, you might be able to kill passwords altogether. Wouldn’t that be nice? You no longer need to remember any passwords and all you need is access to one of your MFA tools when authenticating. With the increased use of smartphones and other devices for MFA, businesses now more than ever have the…

Windows 2FA – It’s a Big “Where” In “Everywhere”

If you’re a regular reader of our blog, you’ll know that here at Centrify, we’re big believers in multi-factor authentication (MFA) and strong supporters of MFA Everywhere. Passwords don’t protect us, our data or our businesses – and we need something better. As an extension of our commitment to eradicate passwords wherever possible, and bolster security with MFA wherever we can, we’ve extended our “MFA Everywhere” initiative with a key new “where” – 2FA for Windows logon. Speed and Security: We can hear the cries now: “2FA! Windows Logon! Won’t that slow all my users down?” Not if the second…

Podesta Twitter Hack: A(nother) Lesson on Two-Factor Authentication

In the midst of the WikiLeaks’ release of thousands of emails purportedly from his inbox, Hillary Clinton Campaign Chairman John Podesta has now become the victim of a hack into his Twitter account. CNN is reporting that Podesta’s account was hacked on Wednesday, September 12, and that, just as Clinton landed in Las Vegas, Podesta ostensibly tweeted, “I’ve switched teams. Vote Trump 2016. Hi pol.” While the specific details of the hack have yet to be discovered, a likely scenario is that Podesta’s Twitter account was protected solely by a username and password – without any form of two-factor authentication….

What is a Derived Credential Anyway?

What is a derived credential anyway? You may have heard that Centrify announced support for “derived credentials,” in conjunction with its smart card offering. If you aren’t in the federal or ultra-secure enterprise space, you’ve probably never heard of derived credentials. So what’s so special about them? Users who are issued smart cards as their primary means of authentication have to physically insert a card into a reader on their desktop/laptop and then enter a PIN. This form of authentication replaces the username and password, and covers the 2-factor requirement as well. (The card is something you have, and…

Creating a Custom WS-FED Application

In this blog post I’d like to show you how to create a custom WS-Fed application on the Centrify User Portal. This may be an existing internal app or a 3rd party hosted application. As you probably know by now, Centrify provides about 3,000 application profiles out of the box, but there are those cases when you might have an internally developed app or a lesser-known 3rd party app that supports WS-Fed and you would like to provide it with single sign-on. I’ve included a primer on how SSO works with WS-Fed as well as detailed instructions on…