authentication

Insights

BLOG

The CIAM Implications Of The Facebook/Cambridge Analytica Scandal

Merritt Maxim April 11, 2018
My fellow Forrester analysts have been covering the data and privacy implications of the Facebook/Cambridge Analytica scandal in several excellent blog posts, such as this one and this from yesterday, but this scandal has highlighted some CIAM-specific implications that CISOs and CMOs need to assess, particularly around the future role of social login. For those […]

M&A In The IAM Market Is Off To A Strong Start In 2018

Merritt Maxim February 1, 2018
We’re only one month into 2018 and have already witnessed a surge in M&A activity in the IAM space. Since January 1, 2018, four major IAM-related deals, totaling over $1 billion (based on reported amounts and Forrester estimates on certain transactions), have been announced: • KPMG acquired Cyberinc. • One Identity acquired Balabit. • […]

Where Will Disruption Happen Next In Financial Services?

Zhi Ying Barry April 18, 2016
Digital disruption has hit retail financial services in Asia Pacific (AP). In 2014, fintech investments in AP totaled US$880 million and skyrocketed to a staggering US$4.5 billion last year. Just as payments innovation has been a darling of venture capital investors in the US, the picture is not so different in AP as payments took […]

Two-Factor Authentication (2FA) Companies Continue to be Attractive Acquisition Targets

Merritt Maxim November 19, 2015
Last week, Courion announced its acquisition of Nova Scotia-based SecureReset, which, through its QuickFactor product, provides mobile-based two-factor authentication (2FA). This is the fourth acquisition of a 2FA startup by an enterprise software vendor in 2015: • Twilio acquired Authy, February 2015 (purchase price N/A). • Salesforce acquired Toopher, April 2015 (purchase price N/A). • […]

Forrester’s Security & Risk Research Spotlight: Stuck Between A Hack & Frustrated Customers

Stephanie Balaouras October 19, 2015
Are passwords a dying breed? With every other organization getting hacked, many S&R pros would argue that if passwords aren’t dead yet, they should be. Yet many companies such as LogMeIn and LastPass continue to make strategic acquisitions, proving that interest in password management solutions remains high among enterprises and consumers (check out their press […]

You’re Mitigating The Security Vulnerabilities In Authentication – But Ignoring The Usability Vulnerabilities

Forrester March 24, 2014
Security and risk professionals know what to do with security vulnerabilities: we mitigate the risk directly as best we can, and put in place compensating controls when we can't change the underlying dynamic. But in the age of the customer, upping our game in authentication strategies has forced us to take a harder look at […]

“Responsive Design” Is Good For Web Apps – And For Authentication

Forrester August 29, 2013
If you ever need a belly laugh, visit the site DamnYouAutocorrect.com (warning: it’s often not safe for work). It’s also a great illustration of why you shouldn’t just force users through the same exact login procedure when they use mobile apps versus full-fledged browser windows: hitting all the right tiny keys is hard work, and […]

Amazon and AWS Moves Further Validate The Value Of Portable Identity

Forrester May 30, 2013
Social sign-in has become a powerful force for marketers and consumers, validating the notion of federated identity in consumer-facing contexts. (Ironic that consumerization of IT is successfully tackling even the single sign-on problem that has bedeviled IT, showing how identity for the top line of the business can overcome resistance in ways that business-to-employee scenarios […]

I’m Shocked, Shocked To Find That Password Sharing Is Going On In This Enterprise

Forrester May 28, 2013
I had the chance once again to do a podcast with Mike Gualtieri as part of his wonderful Forrester TechnoPolitics series, talking about the usability affordances of passwords that make them natural targets for consensual impersonation. As Mike memorably puts it, is this behavior frisky, or risky? Just like in our last podcast together, I found myself […]

FinovateSpring Fling 2013: Another Year Of Dazzling Financial Services Delight!

Forrester May 20, 2013
I attended FinovateSpring 2013 last week to get a preview of new products from digital technology vendors for financial services. For those of you that have not been to Finovate, it’s a little like innovation speed dating — where 72 vendors have 7 minutes to win the hearts of the audience to secure the “Best of […]

XACML is dead

Andras Cser May 7, 2013
Conversations with vendors and IT end users at Forrester's Security lead us to predict that XACML (the lingua franca for centralized entitlement management and authorization policy evaluation and enforcement) is largely dead or will be transformed into access control (see Quest APS, a legacy entitlement management platform based on BiTKOO, which will probably be morphed […]

Two-Step Verification Will End Consensual Impersonation

Forrester April 1, 2013
A couple of months back, I advocated killing your password policies and applying some other techniques instead to make existing use of passwords more effective (including my hobby horse: take the user-experience sting out of rotating ordinary static passwords by pushing them out to users on an alternate channel, à la activation codes and […]

Make A Resolution: Kill Your P@55W0rD Policies

Forrester December 31, 2012
It has finally become hip not just to predict the demise of passwords, but to call for their elimination. The recent Wired article makes an eloquent case about the vulnerabilities that even "strong" passwords are subject to, such as social engineering and outright theft. And strength is, of course, relative and subject to degradation: The latest computer […]

Deliver The Anywhere, Anytime, Any-Device Promise Safely And Securely

Forrester July 27, 2012
Mobile security and operations continue to be one of the hottest topics for organizations across industries. Mobility holds the promise of fostering new innovations, reaching new audiences and, most importantly, creating never-before-seen user experiences and business opportunities. For example, productivity gains brought on by “anytime”, “anywhere”, “any device” access are already revolutionizing customer service, collaboration, […]

A New Venn Of Access Control For The API Economy

Forrester March 12, 2012
Cloud providers and many federated IAM practitioners are excited about OAuth, a new(ish) security technology on the scene. I’ve written about OAuth in Protecting Enterprise APIs With A Light Touch. The cheat-sheet list I keep of major OAuth product support announcements already includes items from Apigee, Covisint, Google, IBM, Layer 7, Microsoft, Ping Identity, and […]

Have You “Signed In” With Facebook Recently?

Peter Sheldon February 20, 2012
The online registration page has always been a necessary evil. Despite the obvious need to collect customer information online, 11% of US adults have previously abandoned an online purchase either because they didn't want to register online or the site they were visiting was asking for too much information. Many websites make it downright difficult […]

Strong Authentication: Bring-Your-Own-Token Is Number Three With A Bullet

Forrester February 14, 2012
In approaching the research for my recently published TechRadar™ on strong authentication, at first I struggled a bit with overlapping concepts and terminology (as can be seen in the lively discussion that took place over in the Security & Risk community a few months back). The research ultimately revealed that form factor matters a lot — […]

RSA Breach: Two-Factor Authentication Is Not Dead But Is Morphing And Getting More Granular

Andras Cser June 8, 2011
Many IT end-user companies deployed hard tokens at a time when intermediate-risk choices were thinner on the ground, and some of these companies would have benefited from a more granular approach anyway. In general, we are seeing companies moving towards risk-based authentication augmented by mobile soft tokens (sometimes called from a mobile application through an […]