Dave Kearns' IdM Newsletter from Network World
Imprivata advances sign-on technologies
Users can securely log on without typing username and password
I had a chat with Imprivata CTO David Ting last week about the
new Imprivata OneSign FastPass. It's interesting in its own right, but what
grabbed me was something that's on the horizon for an upcoming release.
What's available now are two different versions of FastPass:
* FastPass for Proximity Cards – this lets users quickly and securely log
on to different workstations simply by touching their ID badge on a reader
without having to type their Windows username and password every time they log
on. Users perform a secure, two-part authentication at the beginning of their
work shift by touching their ID badge on a reader and entering a PIN or password
as the second factor. From that point on, FastPass starts an authentication
grace period during which users can access any shared workstations by touching
their card on the reader.
* FastPass for Finger Biometrics – this lets users quickly and securely log
on to different workstations simply by touching their finger on a reader without
having to type their Windows username and password. OneSign's patented
fingerprint technology identifies and authenticates the user in a single step.
Neither of these is revolutionary -- similar technology (the quick
authentication part, at least) is available from others. But the combination
with Imprivata's proven single sign-on technology is an added plus. It's worth checking
out, especially for environments such as healthcare where users are moving
frequently among different workstations.
In talking about these quick sign-on technologies, Ting and I got to
discussing session-ending utilities. For the 25 years I've been trying to help
network admins cope with their jobs, the most frequent question I get is: How do
I automatically lock, or kill, a session by an inactive user? My rejoinder has
always been, "How do you know they're inactive?" Most inactivity
monitors look at keyboards and set a countdown timer whenever a key is struck
(or the mouse is moved). If the timer runs out, the session is closed and an
authentication screen pops up. But this isn't what you want to happen when your
boss is watching a Webinar (or other streaming media content). So David was
quick to tell me about a new addition to the FastPass product coming later this
year.
He noted that most laptops, and many desktops, have integrated cameras.
Add-on cameras (that attach to your monitor) are relatively inexpensive. So what
this new software will do is to take your picture during authentication.
Periodically during the session it will "peek" through the camera
again and if the person from the authentication picture can't be seen it will
start the timer countdown. It will keep checking until the timer runs out, so
that if you've stepped away to grab a book, for example, the countdown will be
ended when you sit down again. This is revolutionary -- the biggest improvement
in inactivity monitoring in, like, forever. Watch for this in the fall.
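The difference between the two kinds of monitor described above, as an added sketch (not Imprivata's code): a keyboard/mouse countdown next to a countdown that runs only while the authenticated user cannot be seen. The 30-second sampling, the 120-second timeout, the `user_seen` flag standing in for the camera match, and the three timelines are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Sample:
    t: int             # seconds since authentication
    input_seen: bool   # a key was struck or the mouse moved in this interval
    user_seen: bool    # camera check matched the picture taken at authentication

def lock_time_input_only(samples, timeout):
    """Keyboard/mouse monitor: the countdown restarts on every input event."""
    last_active = 0
    for s in samples:
        if s.input_seen:
            last_active = s.t
        elif s.t - last_active >= timeout:
            return s.t                    # session locks here
    return None                           # never locked

def lock_time_presence(samples, timeout):
    """Camera monitor: the countdown runs only while the user is not seen."""
    absent_since = None
    for s in samples:
        if s.user_seen:
            absent_since = None           # user sat down again: countdown ends
            continue
        if absent_since is None:
            absent_since = s.t            # first failed check starts the timer
        if s.t - absent_since >= timeout:
            return s.t
    return None

def timeline(end, step, input_at, seen_at):
    """Build a constructed series of periodic checks."""
    return [Sample(t, input_at(t), seen_at(t)) for t in range(0, end + 1, step)]

TIMEOUT = 120
# Constructed case 1: user watches a Webinar, present but not typing.
WEBINAR = timeline(600, 30, lambda t: t == 0, lambda t: True)
# Constructed case 2: user steps away from t=90 to t=150, then returns.
SHORT_BREAK = timeline(300, 30, lambda t: not 90 <= t <= 150,
                       lambda t: not 90 <= t <= 150)
# Constructed case 3: user leaves at t=90 and someone else keeps typing.
OTHER_PERSON = timeline(600, 30, lambda t: True, lambda t: t < 90)

if __name__ == "__main__":
    for name, tl in [("webinar", WEBINAR), ("short break", SHORT_BREAK),
                     ("other person", OTHER_PERSON)]:
        print(name, lock_time_input_only(tl, TIMEOUT),
              lock_time_presence(tl, TIMEOUT))
```

The third timeline is the case a keyboard timer cannot handle at all: input never stops, so only the presence check ends the session.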
IBM upgrades Tivoli Identity Manager
Plus, Zscaler brings security to the cloud
Lots of announcements hitting the wires over the past couple of
weeks, so we'll do a quick roundup in this issue and the next, and then go in
depth in later issues for the announcements that warrant it.
Let's start with last week's IBM news, a new release of Tivoli Identity
Manager (TIM). Martin Kuppinger, among others, wonders why this only got a minor
upgrade version number (5.1) instead of a full jump to 6.0 in light of all
that's packed in. Read his note and then check it out for yourself.
Those of you interested in cloud computing should look into new-on-the-horizon Zscaler,
which bills itself as "the industry-first multi-tenant SaaS
[software-as-a-service] security provider". The company claims:
1. Better architecture – true multi-tenant, true SaaS (no hardware/software
required); scalable; distributed (>20 data centers); lightning-fast
load-balancing. Results – very high performance, minimal cost and disruption.
2. Better technology – such as in-depth content X-Ray inspection, which is
like a "virtual strip search" at very high speed, stopping suspicious
actions.
3. Integrated security – protects against bi-directional threats inbound
(malicious code and content, malware, viruses, spyware, cross-site scripting,
botnets, phishing, malicious URLs, Web content) -- and outbound (data leak,
tunneling of other protocols through HTTP, use of anonymizers to bypass
security). It also enables management (traffic control, URL filtering, bandwidth
control), compliance (data leak/loss prevention/DLP) and reporting. Certainly
worth a look.
Two companies that are no strangers to this newsletter -- SailPoint and CyberArk
-- have partnered to, in their words, enable "… organizations to
inventory and manage privileged accounts; to understand the business role and
organizational membership of users requesting and using privileged accounts; and
to monitor the actions users take with these accounts." Check both to see
if there's any synergy, and if you can benefit.
Finally, a reminder that right after May's European Identity Conference I reported
that Microsoft's Vittorio Bertocci, when asked how easy it was to enable an
application to use CardSpace, replied "even the brain-dead can do it."
Well, now he's posted a how-to video and, I'll have to admit, it does look easy-peasy.
See for yourself here.
No more room today, but more coming in the next issue -- stay tuned!
©2009 by Network World, Inc. 118 Turnpike
Road, Southborough, Massachusetts 01772. Reprinted from Network World.
Latest Headlines Friday, Jul 3
How to Check the Security of Password
Dip
You should select a password in such a way that it is difficult to guess. You can secure your password in an improved way by mixing different sets of characters.
Can Sears Help OpenID Go Mainstream?
Robin Wauters, Washington Post
The question is: is Sears - despite its claims of driving innovation in online retailing, which seems a bit over the top - merely a late adopter looking to try something new or is this a sign of OpenID maturing to a point where it can finally reach that tipping point where it really starts taking off with a mainstream audience?
Oracle's Mega Fusion Middleware 11g Release
Alex Goldman, internetnews
It was a tremendous effort. It took 7,350 person-years of engineering, occupied over 3,500 Oracle developers, involved 220,000 tests run each night, and incorporated 5,420 customer enhancements and 1,987 individual development projects, according to Rizvi.
Sears Adopts OpenID Technology
PRNewswire
Through this new innovation, users in the Sears and Kmart communities can use the ID and password they already have to write product reviews and can share information on products, services and solutions. Future updates planned with the OpenID platform will allow users in the communities to share their posts and product reviews with friends easily via Facebook.
The Experts Conference 2009 Survey Underscores Need for Secure Identity and Access Management
Welt online
Single sign-on, a new topic added to the survey in 2009, took first place as the top challenge among IT respondents, with 35 percent rating this area "problematic" or "out of control" in their organizations.
Your Own Role in Identity & Access Management
Earl Perkins
...one thing we haven’t written enough about is your own role in the IAM organization, i.e. the roles, responsibilities, skillsets and prerequisites for effectively exploiting an IAM program within an enterprise. It’s really a shame, since knowing who can make the most effective use of IAM products and processes (and how) is more instrumental in validating IAM value for the enterprise than any product feature available or report you can produce.
Call for Nominations for the 2009 IDDY Awards
PRNewswire
The IDDY Awards shine a spotlight on the individuals and organizations responsible for building and deploying identity-enabled applications for people, communities, businesses and governments.
SaaS provisioning
Jeff Bohren
Of course having an SPML capability in a SaaS is not going to be much help if the enterprise doesn’t have a provisioning system in place with SPML support. SPML support is not widely available in provisioning systems (although there are a few that have it out of the box).
Transparent or Translucent?
Ian Glaze
While we have Data.gov as one of the current administration’s steps towards furthering government transparency, we do not have an analogous Process.gov. Said another way – we get the sausage but don’t get to see how it is made. This isn’t transparent government but translucent government.
Targeting targeted advertising
Dave Kearns
I like my Gmail. If you don't, that's fine. Just leave me alone to enjoy it and I'll leave you alone to enjoy whichever mail service you choose.
Where are the controls
Matt Pollicove
Without governance controls anyone can come in and rule the roost. There is no accountability, control or record.
Accucom Corporation Introduces SafeID, Allowing Online Merchants, Auction Sites and Social Networks to Quickly and Easily Authenticate User Identities
PRWeb
SafeID authentication begins when a user's name and email address are entered into the system during an intended purchase. From there, a series of five or six multiple choice questions are generated based on data from various public record sources. Depending on the integration, users will either take the test on the merchant's site or receive it via email. Upon completion, the user's score is made available to the merchant through their control panel, an API or by email which they can use to determine the customer's authenticity.
Covisint Named a Hosted Identity Access Management Market Share Leader
GLOBE NEWSWIRE
Covisint was one of only two companies listed in the Tier 1 category, which represented companies with more than $10 million in hosted identity revenues for 2008. The report also noted that "with the current economic downturn, many organizations are looking for ways to reduce the costs of their security operations and are looking at outsourcing to achieve this objective."
The problems and benefits of identity and access management
Mark Mayne, SC Magazine
Identity and access management (IAM) is arguably the broadest issue in IT security. There are few other single concepts that impact as widely on so many areas as that of managing identity in an enterprise business context. From enabling employees to access the internal resources they need to fulfil business aims, through companies outsourcing functionality and hardware to consumers seeking to bank, trade or buy goods remotely, all are dependent on secure, reliable identity and access management.
The Personal Data Eco-System
Iain Henderson
the term Personal Data Store is not an ideal term to describe a complex set of functions, but it is what it is until we get a better one (the analogy I’d use in more ways than one is the term ‘data warehouse’ - again a simplistic term that masks a lot of complex activity).
Quest Software Awarded 2009 Microsoft Partner of the Year
Welt Online
It also recognizes partners with innovative solutions for Active Directory Domain Services in a heterogeneous environment, or solutions that provide value-added security and compliance capabilities for Active Directory Domain Services.
Role of Identity Management in Public vs. Private Cloud Computing
Vadim Lander
Who is the user and what can a user do in a cloud environment must be monitored and also enforced diligently. A public cloud that offers on-demand services to a wide population of users must take relevant compliance mandates with utmost responsibility to ensure access control will not be compromised - or risk loss of business due to bad publicity and loss of trust.
Centrify Among Top Finalists for 2009 Microsoft Worldwide Partner Conference Awards
PRNewswire
The Advanced Infrastructure Solutions, Active Directory Partner of the Year award honors partners who have practices with proven proficiency in implementing solutions based on Windows Active Directory Domain Services.
Gemalto ships 'optical authentication' device for German online market
finExtra
Security vendor Gemalto has unveiled a combined one-time password generator and screen capture authentication reader for online banking that enables users to identify themselves by reading data displayed on their computer screen.
10 things you should know about developing an identity management system
Michael Kassner
A client recently asked me to come up with a quote for an identity management system. The client’s organization is relatively small, so I was surprised at the request. Still, I assured the client that I’d check into it right away. Can’t be that difficult, it’s just managing passwords, right? Well, not exactly. Here’s what I discovered.
Undercover: A Case of Help Desk Failure
CSO
How a lack of coordination between departments at a large bank opened up a big security hole, and what we did about it.
Contactless logical access gaining momentum
SecureIDNews
Logical access can involve either contact or contactless ID cards as well as key fobs but it goes beyond simple passwords. The majority of logical access smart card systems up until now have involved contact cards. But as contactless smart cards become more prevalent for physical access, vendors have introduced products so the same card can be used for logical access.
CA Delivers IAM Alternatives to Sun Customers
PRNewswire
Sparked by industry consolidation and increased interest in CA's Security Management solutions, CA has created a program to migrate Sun Microsystems customers to CA Identity and Access Management (IAM) products.
Multifactor Authentication Lags in Adoption
Lawrence Walsh
Passwords are obsolete, putting vast amounts of data in jeopardy of compromise. While security pros and businesses talk about multifactor authentication as a means to protect data, very few have implemented such systems and many people don't understand the concept. In an era where data is king and access is near ubiquitous, multifactor authentication is an absolute necessity.
Clear is dead. What about my retinal scans?
Jackson Shaw
So, the TSA has my biometric information but not my name in order to prevent fraudulent enrollments under alternate identities? Hmmm, does that mean that the TSA has my biometric information but not my name but does have my social security number? Otherwise, how would they prevent fraudulent enrollments?