Posts

Showing posts from October, 2022

Identity as the new security boundary

Not so long ago a PC was safe behind a firewall. The idea was that the physical infrastructure of a network would be enough. Anti-virus and anti-malware products sat on PCs to protect users.

Then hybrid working came along, with digital nomads who could connect to networks from anywhere. New startups had users connecting to web-based applications. People were bringing their own devices, tablets, phones, projectors and so on into the workplace.

Security has now started looking at people. Microsoft call this zero-trust. You don’t just trust someone because they can log in. You have systems that secure identity itself. There are three steps to identity security.

1. The credentials that give you authorisation. For most people this is an account identity and password. Often the identity is an email address or some public identity. This leaves the account secured by the password, with the strength and complexity of the password protecting authentication.
2. Authorization is the next step. What you can a

My Microsoft Account goes Passwordless

I suddenly realised it's been a while since I typed in my password to access my Microsoft account. This is partly because my browser caches information but also because the security model of Microsoft Accounts has changed. Microsoft send you a notification or can send you an SMS rather than ask you for a password.

My current Windows laptop has an infra-red sensor so that it can do face identification using Windows Hello. If that fails, I can use a PIN.

If you want to go passwordless then you will depend on these biometric devices: your face, your fingerprint, or a PIN. It has been an aim of the leading technology firms to ditch passwords for some time. The process is reaching a point at which tech is doing it across devices.

At the centre of this is FIDO. The Federation of Identity Online (FIDO) is a decade-old group that has promoted a new way of securely authenticating people on online services. It has on board Apple, Microsoft, Google, PayPal, Meta, Amazon and more. They don't