Author: David Treece

May 12, 2022
Laying the groundwork for continuous authentication
Continuous authentication is an emerging concept—a future ‘nirvana’ state of security that would provide the capability to validate a user’s identity in real-time as they maneuver between systems, applications, and devices. In theory, continuous authentication solutions would use risk signals from a variety of monitoring sources to authenticate users, identify potential threats and proactively remediate …

Mar 30, 2022
White House declaration: act now for cybersecurity attack protection
Last week, President Biden made a statement that couldn’t have been clearer in its message regarding cybersecurity attack protection to the private sector: “If you have not already done so, I urge our private sector partners to harden your cyber defenses immediately by implementing the best practices we have developed together over the last year …

Mar 3, 2022
Security considerations for the top 8 mobile device-restricted workplaces
When looking at enterprises and organizations, there are many different business scenarios that can be present when addressing secure authentication. Whether those be shared workstations, remote workers, or even privileged accounts, there is one in particular that introduces its own difficulties: mobile device-restricted workplaces. It’s safe to say that there will always be workplaces which, …

Feb 24, 2022
Supply chain security in 2022
The SolarWinds and Colonial Pipeline security breaches are two (of many) incidents that have made supply chain attacks go mainstream. The primary challenge for businesses is that supply chain defense isn’t easy given the hundreds, if not thousands of entry points that need to be monitored along the way. But there are best practices that …

Nov 18, 2021
In passwordless authentication, who is holding the keys?
Strong authentication practices are based on validating a number of authentication factors to a relying party (RP) or identity provider (IDP) to prove you are who the RP expects. Examples of relying parties could be Dropbox or Salesforce. Identity providers, who can also be a relying party that interacts with the authenticator, include Microsoft Azure, …

Nov 11, 2021
Mitigation and incident response plans to help prevent ransomware attacks
We’ve all grown accustomed to a flood of ransomware attack news almost every week, with no end in sight. The recent arrest of two Ukrainian ransomware attackers demonstrates that the White House is serious about going on the offensive against ransomware distributors. But often enforcement could end up being a game of whack-a-mole — hit …

Aug 24, 2021
Zero Trust is the new regulatory minimum for Federal agencies: what does that mean for authentication?
The deadline is looming for federal agencies to implement impersonation-resistant multi-factor authentication (MFA), just one of the new stronger security requirements under President Biden’s new cybersecurity executive order (EO 14028). The EO puts security front and center to address some of the worst cyber attacks against the federal government, setting up new federal compliance expectations …

Jun 21, 2021
Seven tips if you’re still scratching your head after reading Biden’s cybersecurity executive order
Yubico works with a lot of federal agencies and contractors, as well as with customers in regulated industries, so we understand the challenges new compliance regulations can bring. The executive order that was released May 12 can be seen as the federal government fully embracing the move toward multi-factor authentication (MFA) for use cases where …

May 13, 2021
Quick Take: Executive Order on Improving the Nation’s Cybersecurity
With the recent number of attacks that have had significant impact on critical systems, a new executive order on improving the nation’s cybersecurity has been released, covering many key areas that need to be addressed to protect critical digital infrastructure. This is one of the most detailed U.S. executive orders on cybersecurity and we welcome …

Feb 9, 2018
Yubico Simplifies Smart Card Deployment in the Enterprise
In the enterprise, smart cards simplify login to computers, VPNs, and online applications. Smart cards are also used for digitally signing emails and documents. While smart cards are known for delivering strong authentication, they are not simple to deploy. For example, to use a smart card in an enterprise setting, an admin must install client …