Tag: identity

Authentication and Authorisation Royal Rumble – OpenID vs OAuth vs SAML

Post author By James Tyson
Post date 27th February 2021
No Comments on Authentication and Authorisation Royal Rumble – OpenID vs OAuth vs SAML

There are just as many ways to defend data as there are to attack it. When considering multi-factor authentication, single sign-on, firewalls, and various other controls, the options can be overwhelming. For security professionals (amongst others), the decisions on how to keep data and identities secure starts much earlier – choosing the correct standard to deploy to keep federated identity secure.

Tags authentication, authorisation, identity, information security, OAuth, OpenID, SAML, Standards

General IT Information Security

Password Management Guidance

Post author By James Tyson
Post date 21st October 2020
No Comments on Password Management Guidance

The primary objective of a theoretically sound password formulation policy is password diversity – we want our identity system to contain lots of different, hard to guess passwords.

There are several ways to achieve this but unfortunately most of the common approaches in use today, such as length requirements, complexity requirements, and change requirements, are far from helpful.

Tags good practice, guidance, identity, information security, management, passwords