Author: David Treece
-
New NIST guidance on passkeys: Key takeaways for enterprises NIST recently released an update to SP800-63B to provide guidance on syncable authenticators. As FIDO passkeys continue becoming more adopted and available at a large scale, NIST guidance helps organizations properly position and plan so they can successfully implement synced passkeys both internally and externally. Within the guidance, it’s important to understand the nuance of […] Read more government NIST passkeys phishing-resistant MFA -
Yubico joins CISA and the Joint Cyber Defense Collaborative’s High-Risk Communities Protection initiative to continue helping secure high-risk individuals and organizations We’re honored to share that today we are joining the Cybersecurity & Infrastructure Security Agency (CISA) as they launch a new webpage to provide resources for high-risk individuals and organizations to receive the tools they need to protect themselves online. This webpage is the product of the Joint Cyber Defense Collaborative’s (JCDC) High-Risk Communities Protection […] Read more CISA Secure It Forward -
The six biggest misconceptions about Zero Trust Architecture (ZTA) We talk a lot about Zero Trust architectures (ZTAs) at Yubico because we’d like to see every customer embrace its guiding principle: no user, whether they are authenticating from inside or outside the organization, has implicit trust granted. Additionally, the authentication method must be phishing-resistant and provide signals that attest to the protection of the […] Read more zero trust Zero Trust Architecture ZTA -
A new era for Federal identity with Joe Scalone – Yubico This is part two of a two-part series on the latest NIST guidelines. To read part one, check out our blog post here. Over the past six months, three National Institute of Standards and Technology (NIST) draft guidelines were released that will change how federal agencies manage digital identity services, the authentication of users and […] Read more FIDO2 NIST NIST SP 800-63-4 -
CISA’s new Zero Trust Maturity Model gives MFA a push – Yubico The long-awaited second version of the Cybersecurity and Infrastructure Security Agency’s (CISA) Zero Trust Maturity Model (ZTMM) is here after more than a year of public comments and agency responses. The latest model points federal agencies, and all organizations that work with them, toward a Zero Trust security architecture. The White House laid the groundwork […] Read more CISA Executive Order government zero trust -
The White House’s National Cybersecurity Strategy and Pandemic Anti-Fraud Proposal: Three things you should do to respond now On March 2, the White House made a clear and important announcement to the tech sector regarding cybersecurity efforts moving forward: “We must rebalance the responsibility to defend cyberspace by shifting the burden for cybersecurity away from individuals, small businesses, and local governments, and onto the organizations that are most capable and best-positioned to reduce […] Read more Executive Order government National Cybersecurity Strategy zero trust -
Laying the groundwork for continuous authentication Continuous authentication is an emerging concept—a future ‘nirvana’ state of security that would provide the capability to validate a user’s identity in real-time as they maneuver between systems, applications, and devices. In theory, continuous authentication solutions would use risk signals from a variety of monitoring sources to authenticate users, identify potential threats and proactively remediate […] Read more authentication FIDO U2F FIDO2 MFA phishing-resistant MFA zero trust -
White House declaration: act now for cybersecurity attack protection Last week, President Biden made a statement that couldn’t have been clearer in its message regarding cybersecurity attack protection to the private sector: “If you have not already done so, I urge our private sector partners to harden your cyber defenses immediately by implementing the best practices we have developed together over the last year […] Read more authentication Executive Order MFA phishing-resistant MFA YubiKey -
Security considerations for the top 8 mobile device-restricted workplaces When looking at enterprises and organizations, there are many different business scenarios that can be present when addressing secure authentication. Whether those be shared workstations, remote workers, or even privileged accounts, there is one in particular that introduces its own difficulties: mobile device-restricted workplaces. It’s safe to say that there will always be workplaces which, […] Read more authentication FIDO MFA mobile authentication phishing-resistant MFA WebAuthn -
Supply chain security in 2022 The SolarWinds and Colonial Pipeline security breaches are two (of many) incidents that have made supply chain attacks go mainstream. The primary challenge for businesses is that supply chain defense isn’t easy given the hundreds, if not thousands of entry points that need to be monitored along the way. But there are best practices that […] Read more cybersecurity government MFA supply chain YubiKey