Video Screencast Help
Scheduled Maintenance: Symantec Connect is scheduled to be down Saturday, April 19 from 10am to 2pm Pacific Standard Time (GMT: 5pm to 9pm) for server migration and upgrades.
Please accept our apologies in advance for any inconvenience this might cause.

Authentication (User) Blog

Showing posts tagged with Identity
Showing posts in English
nicolas_popp | 22 Feb 2009 | 0 comments

There have been a few very insightful discussions from Chris Messina and other regarding the PIP as a secure file, so I thought I would share some of our longer-term product goals.

Today, the PIP file vault is a personal digital locker for our users to manually upload their most personal files. That by itself is not an innovation. In fact, the Web is full of personal storage services like Gmail. Online storage provides immediate and useful value, yet its usefulness is limited by the amount of work an end-user is willing to commit (uploading takes work!).

Now it is interesting to consider how this simple Web 1.0 model of personal digital storage evolves when combined with an OpenID provider. Together, can these technologies allow us to transfer and store in one single place under our control the personal files, private data and rich media content that is...

nicolas_popp | 17 Feb 2009 | 0 comments

The PIP team just released a new feature on Friday: a secure digital vault to store your most personal documents online. Think of it as a digital lock box in the cloud to store copies of your most important documents online (deed of trust, will, passport, property pictures for insurance, etc).

p1.JPG

Since, these documents are your secrets, all files are encrypted using key management best practices. To increase security, access to the vault requires two-factor authentication. If you already have a VIP token, simply link it to your PIP account. For our most cost conscious PIP users, we offer a free mobile version of the VIP OTP token. It can be downloaded to your phone here (I use the iPhone Beta version that will be available soon). Once strongly...

nicolas_popp | 12 Feb 2009 | 0 comments

Great news for OpenID aficionados, the largest identity social network is embracing OpenID. With 221M users, one could easily conclude that OpenID has just received the stimulus package that it needed to finally achieve critical mass. But, what does it really mean for OpenID? While we are all looking forward to the day FaceBook becomes both an OpenID provider and relying party, the initial impact is more likely to be a significant change in the OpenID user interface. As shown, here and...

nicolas_popp | 11 Jan 2009 | 0 comments

This week, the PIP team is releasing an improved version of the 1-click sign in. The great news is that PIP users are no longer restricted to our small initial list of supported sites. Indeed, you can now add any of your favorite sites to your 1-click list (with a few caveats such as pure flash sites). Over time, we will monitor the most popular sites being added and we will include them to the default 1-click list.

This is great news for PIP users, especially for the non-US community who is no longer limited to our choice of sites (I must confess that our initial list was very US-centric). By the way, kudos to the PIP engineering team: doing all this in JavaScript without any browser plug-in is a real engineering "tour de force". Also, the team also improved the UI and performance of the bookmarklet window. Note that you will be prompted to re-install the 1-click bookmarklet.

The Internet is getting easier. Happy 1-click navigation!

...

Vicente | 06 Jan 2009 | 0 comments

I always find it interesting the way old scams are redressed for new and emerging channels.

That was the case during the last few days when Twitter users and employees found themselves under attack by phishers and hackers: follow these links to find a good account of the former and the latter.

Today I'll talk about the phishing attack, which consisted in luring people to give away their twitter passwords to a fake site, the novel aspect is that it used twitter-generated messages (Direct Messages) to propagate to your list of contacts (Followers).

This is all pretty similar to what we have seen with phishing via e-mail, but with two key differences:

- The first one is that e-mail phishing is a "mature product" where phishers are one...

nicolas_popp | 03 Jan 2009 | 0 comments

2009 promise to be a pivotal year for OpenID. So far, industry adoption has been strong with consumer powerhouses such as Google, Yahoo!, Microsoft and MySpace backing up the technology. At the same time, consumer adoption remains limited to early adopters. Meanwhile, FaceBook, the identity provider of choice for 160M consumers is promoting its own alternative in the form of Friends Connect, creating the risk of balkanization. With a new year beginning, a recently augmented leadership, and high competitive stakes, the moment felt opportune to put together my 2009 wish list for OpenID.

Execution: The Separation of Concerns

My first wish is organizational. The OpenID foundation board host really bright and passionate people. Folks are committed to the success of OpenID. Across the board, there is also a strong willingness to do what is right. Nevertheless, execution...

nicolas_popp | 13 Dec 2008 | 0 comments

As you probably heard, a significant network security incident happened last week. A large phishing attack was perpetuated against CheckFree.com. Millions of consumer identities have presumably been stolen. Consumer impact aside, the attack warrants our attention because it shows the new challenge that identity and access management faces in a world of outsourced network services. For businesses, the lesson is as clear as it is scary. In a world of SAAS, you do no longer control your security. Your home-grown access policies have become irrelevant. As an enterprise, you have lost control of your network protection. Unfortunately CheckFree and millions of their consumers learned this lesson the hard way last Friday.

So what happened? In a nutshell (you will find a very good explanation...

nicolas_popp | 03 Nov 2008 | 0 comments

There has been a lot of buzz around Google's OpenID announcement last week. First, because Google awkwardly decided to change the service end point discovery part of the protocol. The good news is that Google fixed their faux-pas fairly quickly. In fact, they had no reason not too follow the spec and alienate the OpenID community.

More significant and more interesting however, was Google OpenID departure from requiring users to use URL as OpenID identifiers. Instead Google wants to let users use their GMail address as an OpenID identifier. Using GMail addresses as OpenID is not only a justifiable way to improve the OpenID user experience; it is also a very smart move by Google in their quest to become the dominant Internet identity provider (IDP).

As a consumer, there is no doubt that using an email address is the obvious identifier...

vipblog | 20 Oct 2008 | 0 comments

by Perry Tancredi, Senior Product Manager, VeriSign Fraud Detection Service
Greg Pierson of iovation recently wrote an interesting blog postabout the idea that the more places your identity information resides, the greater the chance of your identity actually getting stolen. It reminded me of an incident that happened to me recently. I live in a condo and our neighbor's sprinkler system had gone off. There was so much water that it seeped through the walls and ceiling and flooded one of our rooms, which happened to be carpeted. Our landlord, along with the condo association, arranged to have the carpet replaced. When the workers arrived, they insisted on taking my wife's credit card number even though they weren't going to charge us. They took an impression of the card, and then insisted on writing down the CVV2 number (the three digit number on the back of the card, often...

Tim Callan | 09 Sep 2008 | 0 comments

Today we announced that the American Bankers Association will be joining the VIP Network. We are very excited about this on many levels. Getting VIP credentials into the hands of 350 member banks creates a huge opportunity for VeriSign and makes this much more convenient for their users. ABA Members will have first hand experience with strong authentication on tools they use every day. And as this protection rolls out, ABA member banks will witness how easily they can deploy strong, two-factor authentication, and how convenient it is for their customers. We look forward to working with the ABA. Welcome to the network!