Introduction to FIDO (Fast IDentity Online)

In this first article we will take a high-level look at FIDO 2.0 and WebAuthn. Future articles will explore various aspects of FIDO in greater detail. FIDO’s vision is to replace passwords and many other authentication methods, using a FIDO … Read More

FinTech Identity Authentication

Why don’t FinTechs use strong authentication?

Remember when companies used painfully slow and expensive wire transfers? When small businesses wasted time and money maintaining checking accounts? When investments in stock markets were only for those with deep pockets? Luckily, FinTechs came onto the scene and changed … Read More

Customer IAM on-premise

What About Risk-Based Authentication?

Over the years, Ubisecure has helped several organisations that have services where it is of outmost importance to be sure that a person logging in to a service is really who they claim to be. A solution to this, as … Read More

The Password Must Go

The world is full of good ideas and inventions that reflect the time when they surfaced. Only later we discover that they were actually very bad ones. Tobacco was something back in the day – until we discovered that it … Read More

Appropriate Identity

A lot of online services today take advantage of social media identities. You can start using a subscription service such as Spotify or Viaplay service with your Facebook identity. Social media identities minimize friction in adopting new consumer services. The … Read More

Single Sign-On vs Step-up Authentication

When delivering online services to your customers, there are two terms that come up quite often that might require some explanation through comparison. Single Sign-On and Step-up authentication are technologies to help your customers navigate your applications. Visually, Single Sign-On … Read More

API Security and CIAM

While browsing through LinkedIn, I came across this table in a post from Mark O’Neill, an analyst from Gartner. Looking at his very brief post promoting their $195 research note, I realised that at least one third of (their) view … Read More

Industrial Internet

IAM and Industrial Internet – Cryptographic identities for devices

Cryptography, and asymmetric aka public key cryptography in particular still radiates an aura of mystery and confusion. Public key cryptography is far from bleeding-edge though, as it was discovered in 1970 by James Ellis, a British cryptographer working for the … Read More

IAM and Industrial Internet – Strong device identities

When it comes to IoT, it is paramount to distinguish between authentication and authorisation. Typically, there are long discussions centred around device identities – authentication – while managing their access rights waved by one sentence such as “the portal will … Read More

Strong Authentication and Digital Transformation

The larger concept, digital transformation, that encompasses digital business, online services, mobile apps, multi- or omni-channel solutions, IoT, require strong customer authentication to succeed. If it is not already become obvious to you – you should avoid deploying weak identities, … Read More