In the IT world authentication is a process that verifies or identifies if a user is actually who he claims to be. This protects systems, networks, devices or applications from unauthorised access or use as only legitimate authenticated users are allowed to access the resources. Usually, user authentication is achieved by submitting a valid username or user ID and its corresponding private information (e.g. a password).
It is commonly accepted that Data is the lifeblood of every business. Unless of course, your company still does bookkeeping with pen and paper? If not, the chances are that the day-to-day operations of your business cannot function without Data. Data lasts forever and is being used in ways we can’t even imagine - almost every device is a computer producing data these days.
This blog series expands upon a presentation given at DEF CON 29 on August 7, 2021. Phishing attacks are starting to evolve from the old-school faking of login pages that harvest passwords to attacks that abuse widely-used identity systems such as Microsoft Azure Active Directory or Google Identity, both of which utilize the OAuth authorization protocol for granting permissions to third-party applications using your Microsoft or Google identity.
This blog series expands upon a presentation given at DEF CON 29 on August 7, 2021. In Part 1 of this series, we provided an overview of OAuth 2.0 and two of its authorization flows, the authorization code grant and the device authorization grant.
Teleport has been instrumental in helping our clients achieve difficult security and compliance requirements, and today we are proud to announce that our Cloud offering is now SOC2 Type II compliant. Last year our on-premises product was SOC2 Type II certified, and we published an overview on our blog helping explain what SOC2 is and why it has become table stakes for B2B SaaS companies.
Between us — there’s no such thing as zero trust — it’s a catchy term used to describe a very complicated approach to security. But just because marketing loves the term doesn’t mean we should ignore the concept. The idea of zero trust is the assumption that users should be granted the least access possible to be productive, and that security should be verified at every level with consistent protection measures.
