SMS authentication—also known as SMS-based two-factor authentication (2FA) and SMS one-time password (OTP)—allows users to verify their identities with a code that is sent to them via text message. A form of two-factor authentication, it often acts as a second verifier for users to gain access to a network, system, or application, and is a good…

Viruses, spyware, and other malware can affect more than just desktop computers and laptops. Mobile devices are vulnerable as well. As the threat landscape continues to evolve, it’s important that we not only understand these risks—but how we can protect ourselves against them.  In this post, we’ll take a closer look at the mobile phone security…

Zero Trust is a security framework based on the belief that every user, device, and IP address accessing a resource is a threat until proven otherwise. Under the concept of “never trust, always verify,” it requires that security teams implement strict access controls and verify anything that tries to connect to an enterprise’s network. Coined in…

In our previous posts for this 5-part series on lifecycle management, we offered various best practices you could implement to better manage identity data, lifecycle processes, and access grants. Today, we’ll review the identity-related challenges surrounding audits and compliance, and offer ten ways to gradually chip away at the complexities of…

API is an acronym that stands for “application programming interface,” and it allows apps to send information between each other. While there are numerous protocols and technologies involved, the underlying purpose of APIs is always the same: to let one piece of software communicate with another.  APIs (sometimes described as web services) work in…

Attribute-based access control (ABAC) is an authorisation model that evaluates attributes (or characteristics), rather than roles, to determine access. The purpose of ABAC is to protect objects such as data, network devices, and IT resources from unauthorised users and actions—those that don’t have “approved” characteristics as defined by an…

Magic links are a form of passwordless login. Instead of the user entering any login credentials to sign in, they are sent a URL with an embedded token via email, and sometimes via SMS. Once the user clicks that link to authenticate, they are redirected back to the application or system having successfully signed in—as if they used a “magic”…

Whether you’re building a new app or migrating a legacy app to the cloud, you face a choice: build everything in-house or selectively use out-of-the-box services to make the job easier and faster. Out-of-the-box services like Twilio, for messaging, and Braintree, for payments, have gained popularity because they help lean dev teams remain agile…

If you’ve ever found yourself searching security questions like “how to secure my work computer” and “laptop security antivirus,” this article is for you. Here, we answer common company laptop security questions like: How do I keep my laptop secure in a public network? What is the best security system for my computer? Is my laptop password safe?…

No matter how much you may love your users, you can’t trust all of them. With so many individuals and devices accessing your apps, and requests coming from various networks, there’s a real risk of bad actors slipping through the cracks. Single-sign on (SSO) and multi-factor authentication (MFA) are must-haves when it comes to modern security. To…