IAM Foundation, Fast: A 30-Day Plan to Eliminate Your Top 10 Identity Risks

TL;DR: You don’t need a twelve-month program to stop the most common identity breaches. In 30 days, you can close the biggest gaps: (1) Purge orphaned accounts. (2) Process leavers the same day. (3) Rotate & vault NHI (non-human identity) passwords/keys. (4) Enforce MFA everywhere; phishing-resistant for admins. (5) Disable legacy/basic auth + app passwords. (6) Kill standing admin; adopt least privilege + JIT elevation. (7) Put critical apps behind SSO; disable local logins. (8) Run a high-risk access review sprint. (9) Establish a Conditional Access baseline (device/risk/location). (10) Turn on identity logging & alerts; harden break-glass. Below is a day-by-day plan with owners, acceptance criteria, checkpoints, and metrics....

September 17, 2025 · 11 min · Jay Klinkowsky

Zero Trust Security: Your Ultimate Beginner’s Guide

Introduction: Why Zero Trust, Why Now? In 2023, attackers breached a major global financial services company by compromising a single VPN account. That one set of stolen credentials gave them access deep into the network, exposing millions of customer records. The organization had spent millions hardening its perimeter firewalls—but once the attacker got inside, there were few controls to stop them. This is the reality of today’s threat landscape: the perimeter is porous, and identity is the true control point....

September 3, 2025 · 4 min · Jay Klinkowsky

IAM 101: Multi-Factor Authentication – Why MFA Still Matters in 2025

TL;DR: Multi-Factor Authentication (MFA) remains one of the most effective and underutilized defenses in modern cybersecurity. Despite being widely available, it’s often poorly implemented or misunderstood. In this post, we break down: why MFA is still essential in 2025; common MFA methods (and which to avoid); how attackers are bypassing MFA; best practices for enterprise adoption. 🔍 Background: Fifteen years into IAM, I’ve watched the industry shift from passwords to push prompts, biometrics, and passkeys....

June 11, 2025 · 4 min · Jay Klinkowsky

Zero Trust Readiness Quiz

TL;DR Feeling confident in your organization’s Zero Trust posture? This “Zero Trust Readiness Quiz” leverages the same practical checklist approach I’ve used across enterprises, SMBs, and personal environments to help you gauge where you stand across the seven tenets of Zero Trust defined by NIST SP 800‑207 and CISA’s Zero Trust Maturity Model. Answer ten quick checklist questions about your asset inventory, least‑privilege policies, continuous monitoring, and more. Score your results to identify gaps and prioritize your next steps....

May 21, 2025 · 5 min · Jay Klinkowsky

IAM 101: Authentication Explained – The Front Door to Your Digital World

TL;DR: Authentication is the process of verifying that users are who they say they are. It’s the gatekeeper to every digital system, and when done poorly, it becomes the #1 way attackers break in. From passwords to biometrics to FIDO2, authentication has evolved into a key pillar of Zero Trust security. In this post, we’ll explore: how authentication works; different types (and what’s still worth using); best practices for IT teams; how AI, phishing, and automation are shifting the landscape. 🔍 Background: After 15 years working in Identity and Access Management, I can confidently say: authentication is where security begins—or where it breaks down....

May 14, 2025 · 5 min · Jay Klinkowsky

Comprehensive Password and 2FA Identity Policy

Password Requirements. Password Composition. Minimum Length: All passwords must be at least 12 characters long. Longer passwords (16+ characters) are strongly encouraged. Character Requirements: Passwords must include at least: one uppercase letter (A-Z), one lowercase letter (a-z), one numeric digit (0-9), one special character (e.g., !@#$%^&*()_+-=[]{}|;:’",.<>/?`~). Complexity Enforcement: Password creation systems must validate these requirements in real-time and provide feedback to users. Dictionary Word Prevention: Passwords cannot consist solely of common dictionary words, regardless of character substitutions....

March 30, 2025 · 6 min · Jay Klinkowsky