Zappos Thursday said it was using a SHA-2 cryptographic hash but would not disclose any details about its "cryptographically scrambled" password format in the wake of a breach that forced the company to reset 24 million passwords.
John Fontana's blog traverses the evolving digital identity landscape and its intersection with the cloud, compliance, audit, privacy, mobile computing, API integration and security.
John Fontana is a journalist focusing on access control, identity, privacy and security issues. Currently, he is the Identity Evangelist for strong authentication vendor Yubico, where he writes and edits a blog, directs several social media channels and represents Yubico at the FIDO Alliance. Prior to Yubico, John spent five years with identity vendor Ping Identity. He also spent 15 years as a senior editor for a variety of publications, including Communications Week, Internet Week and Network World, where he focused on enterprise topics including collaboration, directories, network infrastructure, databases, open source, ERP and security. He covered IBM, Microsoft, Cisco, Oracle, Red Hat and Google, among other enterprise vendors. His work has also appeared in the New York Times, CNN, CIO and Mashable.
DARPA is working on a plan to create innovative biometric measurements, such as keystrokes and mouse tracking, as a means of authenticating users to Department of Defense (DOD) IT systems. The full system would eventually replace passwords and government Common Access Cards.
Zappos.com resets 24+ million user passwords after hackers attack its servers. The incident reveals once again the frailty of passwords, especially when used across sites, and that the long-term value to hackers of other personal information stored online is higher than credit card numbers.
The Electronic Privacy Information Center has sent a letter to the Federal Trade Commission asking it to investigate Google's integration of Google+ and Google Search. EPIC cites the FTC's ongoing antitrust investigation of Google and Google's April 2011 settlement with the FTC over deceptive privacy practices.
The government has committed multi-millions to helping the private sector build an identity layer for the Internet. But one analyst says either the Stop Online Piracy Act (SOPA) or the Protect IP Act (PIPA) could result in one government action rendering another moot and bungling the promise of secure IDs.
A bank fraud case in Colorado could help determine the legal protection of users who password-protect data. In the case, a woman is arguing that giving up her password to unlock encrypted data stored on a laptop is a violation of her Fifth Amendment rights.
The Electronic Privacy Information Center (EPIC) is asking the Federal Trade Commission to look into Facebook's new Timeline feature as a possible violation of the social networking giant's November settlement with the FTC. EPIC's concerns with Facebook's privacy practices in 2009 led to the current settlement.
John Fontana is joining ZDNet to author a blog around identity and its implications for privacy, security, mobile computing, social networking and other topics. Here is a look at his background and the two-way dialogue he hopes to have with readers.
Identity is taking on a new level of importance as cloud and mobile computing put pressure on corporate IT. What impact will that have on enterprise architects and networks? This blog plans to help you figure that out.