Video Screencast Help
Authentication (User) Blog
Showing posts in English
vipmobile | 10 Jun 2008 | 0 comments

It's now been about two months since we announced the VIP Developer Test Drive, and it's been a great success! Nearly 200 developers have downloaded the API, and many have already gone on to integrate it into their own applications. Over at Sun, Jeff Bounds has blogged about his integration of VIP with Sun Java System Access Manager/OpenSSO, and even posted step-by-step instructions on the Sun Wiki.

So, have you downloaded the API yet?

Tim Callan | 30 May 2008 | 0 comments

As referenced on Mike Jones's blog, Fun Commutations has deployed a service at: http://idtheft.fun.de/ that attempts to demonstrate a man-in-the-middle based phishing attack against a number of OpenID providers using Janrain's IDSelector. Since our Personal Identity Provider or "PiP" is one of the providers included in the Selector we naturally had a look.

The good news is that there are a couple of features specifically designed in the PiP to combat the attacks noted in the demonstration. The first is found within the PiP itself. The optional feature is called "Secure Sign-On" and the way it works is that if the user has enabled it, they must first be logged into the PiP *before* they attempt to login to a RP. If they are not logged in and they attempt to login they will be...

vipmobile | 27 May 2008 | 0 comments

Whenever anyone talks about typical authentication use cases, they inevitably use a financial institution as an example. "The user logs into his bank to perform a transaction." or "The bank issues the user a credential to protect his account." We use financial institutions as an example because it's an easy situation to explain -- you have a place with a lot of money, criminals like money, so we protect the money from the criminals. Simple, right?

But we should look beyond the "obvious" places where additional security is needed. If someone breaks into your online bank account and steals your money, it's almost certain that your bank will eventually cover your losses. It may be a giant headache for you, take a ton of time and effort, and it probably reduces your faith in online banking, but you will most likely be made "whole." But now what if someone breaks into your online health record? Or your email account? Or your social networking profile? Or your blog? Who's going to...

nicolas_popp | 27 May 2008 | 0 comments

The controversy around personal and social data portability is growing. For consumers, it is an important issue because it will determine how much ownership they will be able to enforce upon their "digital identity" that lives today across competing Internet silos. For the silos, the Google, FaceBook, Yahoo! and Microsoft of the world, a lot is at stakes since, ultimately, it is about whom consumers will entrust with their digital self.

Undoubtedly, data portability is the natural child of federated identity (more on that in a future post). Personal and social data are an important part of any consumer identity'. Like identifiers, credentials and profile attributes, social graphs, activity streams belong to the end user who created them in the first place. In the long run, consumers will require full control, privacy, security and portability over...

nicolas_popp | 19 May 2008 | 0 comments

The issue of personal data portability is rapidly moving center stage. So, what is the big fuss about and what is really at stake here?

For us, as consumers, it is an important issue because eventually, it will determine how much ownership we will be able to enforce upon our personal data and content, including our social graph, that today, is dispersed across competing social networks and Web portals.

For Google, and FaceBook (FB), the stakes are equally high. Ultimately, the winner could take it all and be the one who really drives revenue from social networking. But to understand, we need to review the controversy first.

It really all started with OpenSocial. OpenSocial was Google's response to the rapid rise towards hegemony of FB APIs. To counter FB, Google...

vijai | 16 May 2008 | 0 comments

Posted by Vijai Shankar, Sr. Product Marketing Manager

Consumer Authentication has been around for over 10 years in other countries, but here in the USA, adoption has been slow due to a myriad of reasons... the main one seems to be the perceived high cost. As you've probably gathered by now, we don't think it has to be that costly, so we developed a new whitepaper on "5 strategies to reduce the cost of consumer authentication". I know you're thinking this has to be pure marketing fluff, but I think you'll find some nuggets of info in there that are worth exploring. After all, we must be doing something right, we just won the Network Products Guide 2008 Product Innovation Award.

Don't forget:, if you want to test drive VeriSign Identity Protection Authentication Service and see how easy consumer...

vipblog | 05 May 2008 | 0 comments

By Yohai Einav, Senior Fraud Analyst

I have six friends that serve me true
Their names are Why and What and When
and How and Where and Who.
-- Rudyard Kipling

Why quote Kipling in an online identity blog? According to all his biographies, Kipling was never a victim of identity theft, nor did he ever write a blog.

But Kipling knew something about the 6 W's, something that we, in the security industry, often forget: starting with the "Why."

Have you noticed the phenomenon: every discussion about identity theft, security and online fraud - starts with the How and What questions:

"How do fraudsters attack banks?"
"What technologies are fraudsters using?"
"What is the damage to customers?"
"What can we do to protect ourselves?"

All good questions. But, the first thing we should ask is "why?"

"Why am I being attacked?"
"Why...

vipmobile | 02 May 2008 | 0 comments

We had a little fun with a whiteboard, magnets, some goofy voices and a video camera. Take a look at the premiere of "How VeriSign Identity Protection Keeps George Happy and Safe Online".

vipmobile | 07 Apr 2008 | 0 comments

Say you've got a web application that you develop, and you want to provide your users a stronger form of authentication beyond a simple username and password. Or your users have been asking about two factor authentication, but actually implementing it never moves up on the priority list because your boss thinks it's too complicated, will require months of coding, and a giant new server farm to handle the extra authentication. Or you've got a PayPal Security Key or VIP Security Card and want to enable your own site to use it.

Welcome to the VIP Developer Test Drive!

Today we announced that we're making the API to the VIP Authentication Service freely available to developers to try out on...

vijai | 02 Apr 2008 | 0 comments

Posted by Vijai Shankar, Sr. Product Marketing Manager at VeriSign, Inc.

I posted earlier today about the difficulty in remembering passwords, security questions, our daily tasks etc. and mentioning consumers to ask organizations to introduce secure, yet painless authentication methods. Here's another incentive for organizations to make life easy yet secure for consumers at a lower cost. VeriSign is now offering up to 5,000 FREE CREDENTIALS to each organization joining the VeriSign Identity Protection Network by Sept 30, 2008. This is a great incentive for organizations looking to deploy strong or two-factor authentication and be a part of a Network enables consumers to use a single credential across multiple site. The timing is opportune. With quite a few...