For Security & Risk Professionals

Active Directory Q&A: Demand Rises

Directory Consolidation Saves On Administrative Costs, Eases Provisioning

by Andras Cser, August 11, 2009

For the past 10 years, Active Directory (AD) has remained the backbone of identity infrastructures. Organizations continue to struggle with consolidating AD domains across the enterprise and centralizing ownership for them. Business partners' information . . .

For Security & Risk Professionals

Best Practices: Implementing Strong Authentication In Your Enterprise

Kill Two Birds With One Token

by Bill Nagel, July 23, 2009

The adoption of strong multifactor authentication (MFA) is on the rise. It's often the first port of call on the journey to a fuller identity and access management implementation; MFA directly addresses the password problem, which is a well-known and . . .

For Security & Risk Professionals

Identity And Access Management Adoption In Europe: 2008

by Bill Nagel, April 16, 2009

Interest in and adoption of identity and access management (IAM) technologies has been growing steadily over the past few years, fueled both by the desire to streamline processes relating to employee, contractor, partner, and customer access to company . . .

For Security & Risk Professionals

Inquiry Spotlight: Identity And Access Management, Q4 2008

by Andras Cser, October 6, 2008

Identity and access management (IAM) continues to be a major topic of interest for security professionals. Between July 2007 and June 2008, Forrester's security and risk management team fielded 1,798 inquiries on a variety of topics — 291 of which were . . .

For Security & Risk Professionals

Privileged User Management Market Overview

Centrally Managing System Administrator And Application Credentials

by Andras Cser, June 30, 2008

Managing privileged users' access to sensitive systems needs to be centralized, policy-driven, and automated: Manual paper- or spreadsheet-based solutions are insecure, expensive, don't scale, and can't be sufficiently audited. Privileged user and password . . .

For Security & Risk Professionals

Forrester TechRadar™: Identity And Access Management, Q2 2008

Market Seeks Solutions That Support Business And IT Flexibility And Compliance

by Andras Cser, June 18, 2008

Identity and access management (IAM) continues to be a fragmented field of disjointed technologies with difficult and expensive implementation cycles and even more costly efforts in the wake of bad technology decisions. Products that give quick answers . . .

Do You "Remember Me"?

Improving Automatic Sign-In Enhances Convenience

by Zayera Khan, December 26, 2006

Consumers sign into Web sites using usernames and passwords on a daily basis. Many sites have enhanced the sign-in process with "remember me" functionality. But with consumers using multiple computers regularly, this function introduces privacy and security . . .

FFIEC Tells Banks To Formally Assess Fraud Risk

No Specific Requirement That Banks Adopt Strong Authentication

by Jonathan Penn, October 25, 2005

The Federal Financial Institutions Examination Council (FFIEC) issued new guidelines on online authentication, acknowledging that passwords are insufficient as the sole means of security. The new guidelines do not mandate any specific technology, but . . .

Security Comparison: Single Sign-On Versus Password Synchronization

by Jonathan Penn, September 9, 2004

If users have to manage too many passwords, they write them down or forget them. From this perspective, both password synchronization and enterprise single sign-on improve security by assisting people in managing their credentials. When directly comparing . . .

How Consumers Remember Passwords

by Benjamin Ensor, June 2, 2004

The typical Net user remembers eight different passwords and PINs, but the challenge of remembering so many different words and numbers is already hindering online commerce. Expect it to get worse. Firms must rein in unrealistic expectations of how many . . .

Fortifying The Password Reset Process

by Jonathan Penn, May 10, 2004

The password reset process typically represents the weakest link in user authentication. Without bolstering the password reset process, organizations cannot provide high assurance that users are properly identified when accessing resources and services. . . .

Microsoft Passport Risk: Lessons for All

by Jonathan Penn, June 11, 2003

Companies weighing whether to honor, or continue honoring, Passport authentication must balance its shortcomings against the risks of potential account compromise such as financial loss or loss of customer trust.

Microsoft Passport Risk: A Balancing View

by Rob Enderle, May 23, 2003

The recommendation to temporarily discontinue Passport use and make Passport an open source offering is without sufficient foundation, and does not address the current security problem.

Update: Making Passwords Fun

by Steve Hunt, January 7, 2003

Passwords are going to be around for a long time. None of the "newfangled" authentication types will completely displace passwords for years to come because passwords are just too familiar and easy for customers to deploy.

For Infrastructure & Operations Professionals

Password Reset by Voice Authentication Is Easy, but Pricey

by Elizabeth Herrell, August 15, 2002

Enterprises with a high volume of password reset requests should evaluate the benefits of voice password reset tools. Smaller companies may not be able to overcome the initial high cost and should consider browser-based options.

Password Management Is Moving Beyond the Help Desk

by Jonathan Penn, May 10, 2002

Password management is breaking out of its niche as a Help Desk tool, and is becoming an increasingly visible element of organizations' strategies to streamline administration, improve user productivity and enhance security.

Mobile Security: Use RIM Blackberry's Password Feature

by Ken Smiley, May 2, 2001

RIM Blackberry users should be using the built-in password feature, at a minimum, to secure the device. Any Blackberry device left unsecured exposes the user and the corporate e-mail system to intruders.

Password Reset Software Can Reduce Help Desk Costs

by Renee Woo, March 30, 2001

Help desk organizations with a high percentage of password-reset requests are strongly encouraged to consider investing in a self-service password-reset solution in order to reduce the amount of redundant forgotten password requests to the help desk.

Best Practices in Security: Periodically Test Passwords

by Phil Rosch, March 12, 2001

Password integrity is one of the weakest links in the information systems security process. Periodic password checking is an effective and prudent safeguard for any company, regardless of size.