Information Security – May 2014
As industry players such as Google, Microsoft and RSA work on stronger authentication methods that strive to keep personally identifiable information on the client, how will the evolution of two-factor authentication affect enterprise technologies? We look at the security implications of the open FIDO specifications and a range of emerging FIDO-ready technologies that can help security professionals track key developments as adoption of password-free authentication moves a step closer. We also report on the evolving roles of CISOs after the Target breach, and renewed calls for federal legislation on data collection and breach notification. Columnist Marcus Ranum interviews Georgia Weidman about pen testing and network compromise.