Passwordless authentication has evolved but still needs to mature. Financial firms must improve customer education, user experience and recovery processes to advance. Josh Cigna of Yubico outlines steps to ensure secure, scalable deployment.
To meet NYDFS Part 500, firms must apply multifactor authentication and integrity scanning across mainframes and distributed systems. These steps stop attackers from bypassing controls with flawed code, said Tim Hill, vice president of software engineering at Rocket Software.
Attackers aren't hacking in, they're logging in. Cisco Talos data shows MFA bypass and credential theft fueling a new wave of identity-driven breaches. The blog breaks down the tactics and what enterprises must do now.
Cisco Duo's 2025 State of Identity Security report highlights the challenge: only one in three leaders fully trust their identity provider to stop identity-based attacks. Most cite complexity and fragmentation as the root cause.
Steve Lenderman, head of fraud prevention at isolved, discusses the shift to passwordless authentication, addressing adoption challenges across multiple devices, the link between cybersecurity and fraud prevention, and how behavioral analytics will shape identity verification in 2026 and beyond.
Ping Identity will acquire Keyless to expand passwordless authentication to frontline workers who lack access to smartphones. The deal gives Ping deepfake-resistant, privacy-first biometrics that don't store user templates on servers, easing identity verification and account recovery.
HID's acquisition of IDmelon brings orchestration capabilities that allow physical badges to become FIDO credentials without any user interaction required. The move enhances HID's ability to protect frontline workers and unify digital and physical identity management.
RSA's new CEO Greg Nelson is focused on leading the company through its next growth phase by doubling down on passwordless security, AI-powered threat prevention and enhancing customer trust. He also aims to grow RSA's role in protecting high-assurance organizations.
Unico has acquired San Francisco-based OwnID to enhance its identity offerings and grow its U.S. customer base. The passkey startup's low-friction login solution complements Unico's facial recognition tools and supports broader use cases with streamlined user experiences.
By acquiring startup Axiom Security, Okta aims to enhance privileged access by offering broader coverage of sensitive assets like Kubernetes containers and databases. The company says the move accelerates value delivery and complements Okta's existing privileged access capabilities.
Why hack, when hackers are willing to sell guaranteed access to breached networks? More and more cybercrooks agree they'd rather outsource than bother with the tedium of actual network penetration, leading to a flourishing initial access market.
OpenAI CEO Sam Altman recently claimed that artificial intelligence has "fully defeated most of the ways that people authenticate currently, other than passwords." A host of security experts disagree and point out that passwords got us into this authentication mess to begin with.
Cybercriminals are bypassing MFA using session tokens and rogue app access, with shadow workflows enabling persistent inbox theft against SMBs. Huntress offers behavioral training and managed identity response to SMBs for real protection not just more alerts, says CEO Kyle Hanslovan.
The explosion of agentic AI and autonomous bots to orchestrate cross-system tasks is turning MFA into a brittle defense. Non-human identities often bypass human-centric security controls, operating with static credentials and undefined ownership, creating exploitable identity risks.
The Identity and Access Management (IAM) Market Guide 2025 provides an essential industry briefing on the evolving identity security ecosystem - offering unparalleled insights into the trends, technologies and market forces reshaping IAM this year.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.
