• Separating fact from fiction in your journey to passwordless authentication Say the word “passwordless” to a room full of security professionals and you will get a range of reactions, from a wry smile to a walk-out. That’s because the information security community knows that “passwordless” is a loaded term, and the industry is filled with differing and contradictory positions on the topic.  The purpose of […] Read more
• What is a Secure Static Password? How is a ModHex static password generated? Utilizing ModHex and its 16-character alphabet, and encoding that introduces a measure of “randomness”. A 32-character ModHex password would take a hacker around five billion years to even get a 1 in 2,158,056,614 chance of a correct guess (yes, that’s two billion!). Even a 16-character ModHex password would take around […] Read more
• What is CTAP? How does CTAP work? FIDO2 consists of two standardized components, a web API (WebAuthn) and a version 2 of CTAP. The two work together and are required to achieve a passwordless experience for login. The earlier FIDO U2F (Link to FIDO U2F Glossary) protocol working with external authenticators is now renamed to CTAP1 in the WebAuthn specifications. […] Read more
• What is FIDO Universal 2nd Factor? What does it mean to be FIDO U2F Certified? FIDO’s certification programs are a critical element in ensuring an interoperable ecosystem of products and services that organizations can leverage to deploy FIDO Authentication solutions worldwide. FIDO Alliance manages functional certification programs for its various specifications (e.g. U2F and FIDO2) to validate product conformance and interoperability. […] Read more
• What is Credential Stuffing? Read more
• What is Passwordless? Passwordless definition Passwordless is best thought of as a strategic direction for a company’s security to take. How fast you accelerate toward that goal all depends on how many steps are included in a passwordless strategic plan. Every company, depending on specific security context, is going to get there at a different speed — but […] Read more
• What is a Data Breach? How Do Data Breaches Happen? Read how you can educate yourself and your company on best practices to stop breaches here (source: Verizon 2020 Data Breach Investigation Report) Read more
• What is FIDO 2? What does it mean to be FIDO2 Certified? FIDO’s certification programs are a critical element in ensuring an interoperable ecosystem of products and services that organizations can leverage to deploy FIDO Authentication solutions worldwide. FIDO Alliance manages functional certification programs for its various specifications (e.g. U2F and FIDO2) to validate product conformance and interoperability. A FIDO2-certified device, […] Read more
• FIDO2 passwordless authentication Key Takeaways Successful Implementation Requires a Plan for Recovery and Legacy Systems. Users must register both primary and backup authenticators to prevent lockouts. Multi-protocol hardware security keys that support both FIDO2 and traditional standards like PIV/Smart Card enable phased modernization, enabling a transition away from legacy systems over time. The Authentication Paradox: Why Adding Layers […] Read more
• What is the W3C? What does the W3C do? W3C’s primary activity is to develop protocols and guidelines that ensure long-term growth for the Web. W3C’s standards define key parts of what makes the World Wide Web work. Did W3C author Webauthn? Webauthn was developed under the umbrella of the World Wide Web Consortium (W3C). Yubico along with Microsoft and […] Read more