"...an in-depth look at the identity-based threat landscape as it stands today in early 2024. In other words, the goal of the piece is taxonomical – to illustrate and define current identity-based threats and then discuss mechanisms to both prevent and detect them. One important goal of the piece is to get “nigh comprehensive” - that is, to cover as much ground as possible when it comes to identity threats and how to address them."

https://duo.com/labs/research/a-security-analyst-s-guide-to-identity-threats

I’m ALL for #passkeys but is there a way to change the default / pre-selected passkey provider in iOS17? If not, why isn’t iCloud the default?

Another week and thus another Identity Jedi Newsletter everyone should read:

"For DECADES we’ve been giving customers an incomplete picture of access. Why? How? We didn’t give enough clarity into WHAT the entitlements where actually giving access to..."

And the Spicy Corner was on fire this week

https://www.theidentityjedi.com/subscribe?ref=Oas5GdHQVq

To be clear here I WANT @1password to support passkeys. I'm a long-time customer because I think it continues to be a really great product, and truth be told I'll probably keep my passkeys with them too.

But passkeys are under such scrutiny right now that any slip up (e.g. account breach because multiple factors of auth are never actually collected) can damage the public's perception of the tech and prevent it from taking off.

I'm sure this will all get cleared up before too long, but it's still worth calling out for the sake of the greater ecosystem.

#1Password #webauthn #passkeys

I'm very excited though to see what the 1Password passkey experience will be. Only 1 more month to go: https://youtu.be/Jm4jy7wL3x4

Here we go! Passkey support in Google: https://blog.google/technology/safety-security/the-beginning-of-the-end-of-the-password/

Wiz raises $300 million in funding, highlighting that cloud security is now the top data security challenge. @wiz_io #cloudsecurity #cybersecurity #cloud https://venturebeat.com/security/cloud-security-provider-wiz-raises-300m-consolidated-cspm-cnapp-platform/ #press

The Identity at the Center podcast has another great conversation for you this week! We talked with Helen Patton of Cisco about her views on a range of IAM topics through the CISO lens. Episode #201 is available now wherever you get your podcasts and at idacpodcast.com

5 Cybersecurity Threats in 2023 (and How #ITDR Can Help) via @duosec https://duo.com/blog/cybersecurity-threats-2023-how-itdr-can-help

“Implementing a zero trust framework, where there is zero implicit trust, means that it has to be established via multiple mechanisms and continuously verified. This is essential to protect an organization’s workforce and workloads in the cloud." says Google CISO, Phil Venables

https://venturebeat.com/security/google-cloud-ciso-phil-venables-zero-trust-essential-to-protect-the-cloud/

Some incredible updates coming out of @duosec and all of ⁦‪@CiscoSecure‬⁩ | All in for Security: Cisco Secure at Cisco Live EMEA 2023 https://blogs.cisco.com/security/all-in-security-resilience-cisco-secure-cisco-live

Cisco Doubles Down on Frictionless Security to Protect Hybrid Work and Multi-Cloud Environments: https://t.co/GtYccquIJx

Q&A with the one and only @wendynather! https://t.co/NRpF0VaYoD

Duo Security Risk Based Authentication & Verified Push on the big stage! Cisco Live 2023 Amsterdam: LIVE Broadcast - Opening Keynote #ciscoliveemea https://www.youtube.com/live/Yq5ET5gmSuM?feature=share

PSA The Microsoft Authenticator app will start enforcing number match on all #Microsoft365 and #AzureAD tenants from Feb 27, 2023

We have some handy change comms templates for you at https://aka.ms/mfatemplates to inform your users of the change.

Use the config options below to have more control of the roll-out in your organization, including a staged roll out to groups of users.

https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-mfa-number-match#enable-number-matching-in-the-portal

Liked this? Please boost/retoot to spread the word.

Feel free to follow me for more tips 👍

Be smart. Activate 2FA.
Just open Preferences > Account -> Two-factor Auth and setup OTP and Security Key
#2FA #FIDO2 #OTP #infosec