Resetting Passwords using Linked Accounts

Passwords are one of the most insecure security measures today. The same passwords are listed as the most used year after year (which is simply a repercussion of too many systems/passwords), and when they’re forgotten, password resets via the helpdesk have zero validation around who’s actually calling. To simplify the process of password resets, self-service…

The Value of Granular Password Management

In a recent article, we discussed how Password Self-Service (PSS) needs to be managed with a degree of granularity. The basis for this argument is that users with varying levels of elevated privileges should be protected with additional layers of complexity and scrutiny. This allows an organization to ensure appropriate levels security are enforced based…

External Authentication

The Password is (Almost) Dead: Protecting Identity with External Authenticators

In a world where organizations need to implement layers of security to protect themselves from the dangers of external attacks, it becomes more and more important to know someone is who they say they are – often on an on-going basis.  Compromised credentials via successful malware attacks make even the most trusted of users a…

Groups Shouldnt Live Forever

Groups Shouldn’t Live Forever

There’s this quote from a Dr. Who episode that has stuck with me – “We’re all stories, in the end.” It speaks to the finality that nearly everything – and everyone – eventually has its demise and becomes nothing more than folklore. And in IT, this especially rings true.  When you hear a name like…

Password Self Service

Password Self-Service: One Size Doesn’t Fit All

With users having so many passwords – both personally and professionally – and with the ability to have operating systems and browsers remember password on the user’s behalf, it’s understandable that they may find themselves forgetting their password at one time or another. They can use the age-old insecure process of calling the helpdesk, or…

Imanami Lock

Extending Organizational Security and Productivity through SSO with SAML

No one really likes to remember passwords.  You’re probably in one of two camps – either you use the same password everywhere just to avoid needing to remember a variety of complex phrases, or you, like me, use a password database to store them (in which case, I only need to remember the password to…

Active Directory Multi-Factor Authentication

Securely Extending IT with Multi-Factor Authentication

In previous blogs, we’ve stressed the need for IT to go outside of itself and embrace application owners, line-of-business owners, and other stakeholders within your user base. These people generally have better insight into the daily needs and changes related to the applications and resources that they use and can therefore manage the access to…

Defining Roles in Active Directory

Defining Roles when Delegating Access

When Active Directory first came out, we were all happy just to have a few levels of administrative granularity. There were the domain admins, a few admins over servers, local admin privileges across all the workstations, and — if you were really cutting edge — perhaps some kind of custom delegation to a specific service…

Real Cost of Managing Active Directory Groups

How to Calculate Cost of Managing Active Directory Groups

Groups are the lifeblood of companies and organizations of every size with in their on-premise and hybrid environments. They are the foundation for security and accessibility to resources and email functionality. The challenge is keeping them updated and current after they are created. In many cases, IT is tasked (via tickets) to add and subtract…

Let Go

Letting Go: When Users Should Be in Control

I love those ridiculous commercials for the new selling service LetGo. People are holding onto an item that they just can’t seem to part with, despite the peril it may be putting them in. Like the one where the guy has the heavy bowling ball in one hand, and the other is grasping the bumper…