The memo does not include any requirements for authenticators to be phishing-resistant, even though DoD is required to retire phishable authenticators by 2027.

The surge in attempts to compromise Microsoft 365 accounts has been enabled by readily available phishing tools.

Threat Groups Hijack Microsoft 365 Accounts Using OAuth Device Code Exploit Security researchers warn that threat groups are ...

Proofpoint has warned about phishing campaigns abusing legitimate device authorization flow to bypass MFA and gain persistent ...

The Department of Defense anticipates more than half of the planned measures identified in its zero-trust strategy will be implemented by fiscal year 2027. The proposed options include something a ...

Michael Engle is Cofounder at 1Kosmos and was previously head of InfoSec at Lehman Brothers and Cofounder of Bastille Networks. In many enterprise environments, it’s common for identity verification ...

Since the inception of the internet, passwords have been the primary authentication factor to gain access to online accounts. Yubico’s recent Global State of Authentication survey of 20,000 employees ...

Do you use text messages for multi-factor authentication? You should probably switch to a different method, especially with everything we’re learning about a recent hack that’s been dubbed the “worst ...

SINGAPORE - Singapore’s digital ecosystem will become more secure when NRIC numbers are no longer used to authenticate users, but to put in the infrastructure for stronger authentication tools could ...

Microsoft is priming Windows 11 for a more passwordless future. The company plans to roll out new passkey-focused features to Windows Insider testers in the coming months, it said in a blog post last ...

Protecting an account with just a username and password is not very smart. Both can be stolen, guessed, or cracked too easily. This is why two-factor authentication (2FA) is recommended for all ...