Archive
-
New NIST guidance on passkeys: Key takeaways for enterprisesNIST recently released an update to SP800-63B to provide guidance on syncable authenticators. As FIDO passkeys continue becoming more adopted and available at a large scale, NIST guidance helps organizations properly position and plan so they can successfully implement synced passkeys both internally and externally. Within the guidance, it’s important to understand the nuance of […]
Read more -
Yubico joins CISA and the Joint Cyber Defense Collaborative’s High-Risk Communities Protection initiative to continue helping secure high-risk individuals and organizationsWe’re honored to share that today we are joining the Cybersecurity & Infrastructure Security Agency (CISA) as they launch a new webpage to provide resources for high-risk individuals and organizations to receive the tools they need to protect themselves online. This webpage is the product of the Joint Cyber Defense Collaborative’s (JCDC) High-Risk Communities Protection […]
Read more -
The six biggest misconceptions about Zero Trust Architecture (ZTA)We talk a lot about Zero Trust architectures (ZTAs) at Yubico because we’d like to see every customer embrace its guiding principle: no user, whether they are authenticating from inside or outside the organization, has implicit trust granted. Additionally, the authentication method must be phishing-resistant and provide signals that attest to the protection of the […]
Read more -
A new era for Federal identity with Joe Scalone – YubicoThis is part two of a two-part series on the latest NIST guidelines. To read part one, check out our blog post here. Over the past six months, three National Institute of Standards and Technology (NIST) draft guidelines were released that will change how federal agencies manage digital identity services, the authentication of users and […]
Read more -
CISA’s new Zero Trust Maturity Model gives MFA a push – YubicoThe long-awaited second version of the Cybersecurity and Infrastructure Security Agency’s (CISA) Zero Trust Maturity Model (ZTMM) is here after more than a year of public comments and agency responses. The latest model points federal agencies, and all organizations that work with them, toward a Zero Trust security architecture. The White House laid the groundwork […]
Read more -
The White House’s National Cybersecurity Strategy and Pandemic Anti-Fraud Proposal: Three things you should do to respond nowOn March 2, the White House made a clear and important announcement to the tech sector regarding cybersecurity efforts moving forward: “We must rebalance the responsibility to defend cyberspace by shifting the burden for cybersecurity away from individuals, small businesses, and local governments, and onto the organizations that are most capable and best-positioned to reduce […]
Read more -
Laying the groundwork for continuous authenticationContinuous authentication is an emerging concept—a future ‘nirvana’ state of security that would provide the capability to validate a user’s identity in real-time as they maneuver between systems, applications, and devices. In theory, continuous authentication solutions would use risk signals from a variety of monitoring sources to authenticate users, identify potential threats and proactively remediate […]
Read more -
White House declaration: act now for cybersecurity attack protectionLast week, President Biden made a statement that couldn’t have been clearer in its message regarding cybersecurity attack protection to the private sector: “If you have not already done so, I urge our private sector partners to harden your cyber defenses immediately by implementing the best practices we have developed together over the last year […]
Read more -
Security considerations for the top 8 mobile device-restricted workplacesWhen looking at enterprises and organizations, there are many different business scenarios that can be present when addressing secure authentication. Whether those be shared workstations, remote workers, or even privileged accounts, there is one in particular that introduces its own difficulties: mobile device-restricted workplaces. It’s safe to say that there will always be workplaces which, […]
Read more -
Supply chain security in 2022The SolarWinds and Colonial Pipeline security breaches are two (of many) incidents that have made supply chain attacks go mainstream. The primary challenge for businesses is that supply chain defense isn’t easy given the hundreds, if not thousands of entry points that need to be monitored along the way. But there are best practices that […]
Read more