#ephemeral-credentials
#ephemeral-credentials

Information security

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk

Identity programs are maturing, yet the risk from disconnected applications and AI agents is increasing for enterprises.

Artificial intelligence

Why AI is forcing a reset of the identity stack | Computer Weekly

IAM is evolving into a critical control plane in an AI-driven world, addressing dynamic identities and new security risks.

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

Enterprise IAM faces fragmentation, leading to Identity Dark Matter and a significant gap in visibility and security oversight.

[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk

Identity programs are maturing, yet the risk from disconnected applications and AI agents is increasing for enterprises.

more#identity-management

SF politics

fromWIRED

A DOGE Affiliate Is Now in Charge of the US Government's ID Platform

Greg Hogan will oversee Login.gov, aiming to grow its userbase and establish it as a world-class identity platform.

fromCNET

The Tools That Convinced Me to Take Browser Security More Seriously

Online platforms collect extensive data about users, often through cookies, which can lead to targeted advertising and privacy concerns.

Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About

Assuming connectivity solves security issues is flawed; data movement poses significant risks in Zero Trust programs.

Blockstream Launches Jade Core To Simplify Bitcoin Self-Custody Without Sacrificing Security

Blockstream's Jade Core hardware wallet simplifies Bitcoin self-custody for a broader user base with enhanced security features.

Bitcoin Self-Custody Is A Civil Liberty: Bitcoin 2026

Bitcoin self-custody is being defined as a protected civil liberty, essential for privacy and sovereignty.

Bitcoin's Quantum Problem Is Really A Governance Crisis In Disguise: UTXO

Bitcoin faces a quantum computing threat that requires urgent political consensus for effective protocol changes to ensure security.

2 weeks ago

Bitcoin Developer Unveils Quantum-Resistant Wallet Rescue Prototype

A prototype by Lightning Labs enables bitcoin users to recover funds from wallets threatened by quantum computing.

Blockstream Launches Jade Core To Simplify Bitcoin Self-Custody Without Sacrificing Security

Blockstream's Jade Core hardware wallet simplifies Bitcoin self-custody for a broader user base with enhanced security features.

Bitcoin Self-Custody Is A Civil Liberty: Bitcoin 2026

Bitcoin self-custody is being defined as a protected civil liberty, essential for privacy and sovereignty.

Bitcoin's Quantum Problem Is Really A Governance Crisis In Disguise: UTXO

Bitcoin faces a quantum computing threat that requires urgent political consensus for effective protocol changes to ensure security.

2 weeks ago

Bitcoin Developer Unveils Quantum-Resistant Wallet Rescue Prototype

A prototype by Lightning Labs enables bitcoin users to recover funds from wallets threatened by quantum computing.

more#bitcoin

#remote-work

fromNBC 5 Dallas-Fort Worth

2 days ago

Logging on at a cafe? Privacy and security guidelines for remote workers

Remote work offers flexibility but comes with privacy and security risks that require precautions in public spaces.

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require precautions.

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require careful management.

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require precautions.

fromNBC 5 Dallas-Fort Worth

2 days ago

Logging on at a cafe? Privacy and security guidelines for remote workers

Remote work offers flexibility but comes with privacy and security risks that require precautions in public spaces.

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require precautions.

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require careful management.

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require precautions.

more#remote-work

fromNextgov.com

GSA taps Greg Hogan as head of government's identity proofing service, Login.gov

[Hogan] will be focused on expanding the number of people and agencies successfully using Login.gov, enhancing the user experience, and improving the cost-effectiveness while continuing to meet the highest expectations for security, privacy and reliability.

Privacy professionals

How to Know Where Your Security Threat Is Before It's Too Late

Organizations winning the security talent war operationalize key questions to prevent knowledge loss and enhance cybersecurity resilience.

fromwww.theguardian.com

What is a passkey, how does it work and why is it better than a password?

The UK's National Cyber Security Centre recommends using passkeys instead of passwords for secure digital logins.

Information security

In Other News: Unauthorized Mythos Access, Plankey CISA Nomination Ends, New Display Security Device

fromMail Online

Privacy technologies

How to create secure passwords - it might be time to switch to passkey

fromwww.bbc.com

UK cyber chiefs say it's time to ditch passwords for passkeys - what are they?

People in the UK are encouraged to use passkeys instead of passwords for better online security.

fromInfoWorld

UK's NCSC calls passkeys the default, says passwords are no longer fit for the purpose

Passkeys are recommended as the primary authentication method due to their security and user-friendliness compared to traditional passwords.

Careers

fromEntrepreneur

4 days ago

How to Know Where Your Security Threat Is Before It's Too Late

Organizations winning the security talent war operationalize key questions to prevent knowledge loss and enhance cybersecurity resilience.

fromwww.theguardian.com

What is a passkey, how does it work and why is it better than a password?

The UK's National Cyber Security Centre recommends using passkeys instead of passwords for secure digital logins.

In Other News: Unauthorized Mythos Access, Plankey CISA Nomination Ends, New Display Security Device

Key cybersecurity developments include a hacker's probation, UK military deployment for internet protection, and Lovable's data exposure issue.

fromMail Online

How to create secure passwords - it might be time to switch to passkey

Using unique passwords and transitioning to passkeys enhances online security and reduces the risk of cyber threats.

fromwww.bbc.com

UK cyber chiefs say it's time to ditch passwords for passkeys - what are they?

People in the UK are encouraged to use passkeys instead of passwords for better online security.

fromInfoWorld

UK's NCSC calls passkeys the default, says passwords are no longer fit for the purpose

Passkeys are recommended as the primary authentication method due to their security and user-friendliness compared to traditional passwords.

The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface

Email attackers now exploit behavioral weaknesses, using tailored tactics that blend into trusted relationships and workflows, making detection more challenging.

Artificial intelligence

21 hours ago

Why AI agents are triggering a rethink of enterprise identity | Computer Weekly

Integrating AI securely into enterprise systems requires continuous identity evaluation to limit risks and enhance security controls.

DevOps

fromInfoQ

HashiCorp Vault 2.0 Marks Shift to IBM Lifecycle with New Identity Federation

HashiCorp Vault 2.0 introduces significant updates, including a refined security model and Workload Identity Federation for improved secret management across cloud environments.

Digital life

fromThe New Yorker

The Anguish of Data Loss

Data preservation is crucial, yet digital devices are fragile and often treated carelessly, leading to significant loss when data is not backed up.

#ai

Information security

After Mythos: New Playbooks For a Zero-Window Era

Information security

AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers

Information security

From Scripts to Swarms: Why AI Is Breaking Traditional Sybil Defenses

AI agents will centralize identity management, enhancing security against Sybil attacks through advanced automation and dynamic behavior.

Identity and AI: Questions of data security, trust and control | Computer Weekly

AI-driven identity solutions improve access control but raise compliance, privacy, and ethical concerns that organizations must address.

After Mythos: New Playbooks For a Zero-Window Era

AI advancements have drastically reduced the exploit window, necessitating new security strategies to address vulnerabilities in software.

AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers

AI systems can autonomously hack cloud environments, demonstrating advanced capabilities in executing sophisticated attacks without specific instructions.

From Scripts to Swarms: Why AI Is Breaking Traditional Sybil Defenses

AI agents will centralize identity management, enhancing security against Sybil attacks through advanced automation and dynamic behavior.

fromwww.independent.co.uk

Identity and AI: Questions of data security, trust and control | Computer Weekly

AI-driven identity solutions improve access control but raise compliance, privacy, and ethical concerns that organizations must address.

Tinder Scanning Users' Eyeballs to Prove They Aren't Creeps

Tinder partners with World project for biometric verification using iris scans to combat scams on dating apps.

EU data protection

What are EU digital identity wallets? The benefits and risks explained

The Independent provides accessible journalism on critical issues like reproductive rights and digital identity, emphasizing the importance of on-the-ground reporting.

fromwww.housingwire.com

Disconnected systems fueling title, wire fraud risks

Disconnected systems, inconsistent definitions of data, and the manual nature of data movement create ongoing challenges in the title industry, according to FundingShield President Adam Chaudhary.

Real estate

#email-authentication

Deliverability

fromWordtothewise

DKIM2: What it means for the future of email

DKIM2 is a new email authentication protocol in development, improving security and reliability over DKIM and addressing issues from previous methods.

fromNieman Lab

Privacy technologies

Why "magic links" and passcodes are taking over news logins

Deliverability

fromWordtothewise

DKIM2: What it means for the future of email

DKIM2 is a new email authentication protocol in development, improving security and reliability over DKIM and addressing issues from previous methods.

fromNieman Lab

more#email-authentication

Privacy technologies

Why "magic links" and passcodes are taking over news logins

fromNature

2 weeks ago

Researchers: here's how to audit your fragmented digital identity

A search for 'Guo Wei' in ORCID returned 616 profiles, none affiliated with the Jiangsu University of Science and Technology, highlighting the difficulty in verifying academic identities.

Higher education

fromZDNET

I tried to wipe my digital footprint without paying for a data removal service - 5 free ways

Most sensitive information online is legally collected and aggregated by brokers, but removal is possible with effort and available tools.

#vpn

fromThe Village Voice

Cryptocurrency

Which VPN makes sense for crypto traders in 2026? - The Village Voice

Online age checks came first - a VPN crackdown could be next

Lawmakers aim to ensure VPNs do not obstruct online age verification efforts.

fromThe Village Voice

Which VPN makes sense for crypto traders in 2026? - The Village Voice

Crypto traders must choose VPNs based on technical fundamentals like protocol choices, logging policies, and security features to protect their activities.

Online age checks came first - a VPN crackdown could be next

Lawmakers aim to ensure VPNs do not obstruct online age verification efforts.

Can Sam Altman make proving you're human seem cool-and essential?

World ID aims to provide verifiable proof of humanity to combat deepfake impersonation and increasing online bots.

Beyond the Breach: Why rsETH's Depegging Demands a New Standard for Bridge Security

KelpDAO's rsETH depegged after a breach, highlighting the need for improved bridge security in collateral risk management.

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI was compromised in the Checkmarx supply chain campaign, with malicious code stealing sensitive data from users.

#generative-ai

fromBig Think

4 weeks ago

Digital life

3 ways to prove you're human online

fromNextgov.com

New methods for assuring digital identity and authenticity

Generative AI is transforming content creation, increasing the need for reliable identity verification and authenticity in digital media.

Digital life

fromBig Think

4 weeks ago

3 ways to prove you're human online

Generative AI is rapidly increasing information production, leading to a potential scarcity of human-generated content and a need for new human verification methods.

fromNextgov.com

New methods for assuring digital identity and authenticity

Generative AI is transforming content creation, increasing the need for reliable identity verification and authenticity in digital media.

Proton CEO: Age checks turn internet into ID checkpoint

Age verification risks transforming the internet into a system requiring identification for all users, compromising anonymity and security.

Age verification is a mess but we're doing it anyway

Age verification methods on the internet are flawed, leading to challenges in effectively preventing underage access to inappropriate content.

Proton CEO: Age checks turn internet into ID checkpoint

Age verification risks transforming the internet into a system requiring identification for all users, compromising anonymity and security.

Age verification is a mess but we're doing it anyway

Age verification methods on the internet are flawed, leading to challenges in effectively preventing underage access to inappropriate content.

more#age-verification

fromSecuritymagazine

Unauthorized Users Accessed Claude Mythos, New Reports Suggest

Unauthorized access to Anthropic's AI model, Claude Mythos Preview, raises security concerns among experts due to its ability to identify digital vulnerabilities.

1Password sees AI as both threat and tool

AI presents both risks and opportunities for password management, requiring firms to balance security with the potential for careless app development.

fromComputerworld

World ID expands its 'proof of human' vision for the AI era

World ID aims to enhance digital identity security through innovative technology and tools, but concerns about safety persist.

Human Error, Not Hacking, Cited as Top Cause for Crypto Access Loss

Human error is the leading cause of cryptocurrency access loss, affecting 35% of holders, primarily due to forgotten passwords and lost seed phrases.

fromBusiness Matters

Why Trust and Verification Are Critical for Modern Online Platform Businesses

Trust is essential yet fragile in the digital economy, with platforms facing increasing challenges from sophisticated online scams.

Privacy, power, and encryption: why end-to-end security matters | Computer Weekly

Privacy is a fundamental human condition, and end-to-end encryption is essential for protecting communications in a surveillance-heavy world.

Tycoon 2FA Fully Operational Despite Law Enforcement Takedown

Tycoon 2FA continues to operate despite international takedown efforts, facilitating phishing attacks and compromising accounts without alerts.

fromPrivacy International

What is digital fingerprinting: Is my device ever truly anonymous?

Digital fingerprinting is a tracking technique that monitors how browsers and devices communicate online.

Anthropic Adds ID Verification to Claude for Select AI Users

Anthropic implemented ID checks for Claude users in April 2026 to limit abuse and meet legal obligations, while not storing ID images on its systems.

#identity-verification

fromwww.businessinsider.com

Claude is requiring some of its users to verify their identity. Here's Anthropic's explanation.

Anthropic is implementing identity verification for some Claude users to combat fraudulent behavior.

Anthropic starts checking ID for some Claude users

Anthropic is implementing identity verification for certain Claude features to enhance platform integrity and compliance.

This crypto ring certifies your digital self with real-life handshakes

Quartz is a speculative ring concept using biometric verification and physical handshakes to authenticate identity and prevent AI-driven spoofing scams targeting older adults.

fromwww.businessinsider.com

Claude is requiring some of its users to verify their identity. Here's Anthropic's explanation.

Anthropic is implementing identity verification for some Claude users to combat fraudulent behavior.

Anthropic starts checking ID for some Claude users

Anthropic is implementing identity verification for certain Claude features to enhance platform integrity and compliance.

more#identity-verification

This crypto ring certifies your digital self with real-life handshakes

Quartz is a speculative ring concept using biometric verification and physical handshakes to authenticate identity and prevent AI-driven spoofing scams targeting older adults.

fromwww.socialmediatoday.com

The Hidden Cost of Recurring Credential Incidents

Credential incidents cause significant operational costs and disruptions, impacting IT teams and overall business productivity beyond just breach prevention.

EU data protection

X commits to altering its verification program in EU

X agreed to update its European verification process following EU Commission guidance to avoid penalties for misleading blue checkmarks that can be purchased by anyone.

Artificial intelligence

World pitch: scan eyeballs to tie identity to AI agents

World is launching AgentKit, a technology linking AI agents to verified human identities through iris-scanning orbs to prevent AI abuse and establish trust in agentic systems.

Tech industry

Is it even possible to decentralize social networking?

Jay Graber stepped down as Bluesky CEO to become chief innovation officer, with venture capitalist Toni Schneider taking the interim CEO role to help scale the platform's growth.

Business

fromFortune

Crypto is facing an identity crisis-but it's hardly the first time | Fortune

A shirtless spectator's crypto ad stunt at the Super Bowl worsened public perception amid a major crypto sell-off and internal industry disillusionment.

Miscellaneous

The Core Issue: Libsecp256k1, Bitcoin's Cryptographic Heart

Libsecp256k1 evolved from a hobby project into essential consensus-critical software protecting Bitcoin's multi-trillion dollar network through secure elliptic curve cryptography implementation.

Age verification isn't sage verification inside OSes

California's Digital Age Assurance Act attempts age verification for minors but is vague, incoherent, and creates liability risks without clearly defining compliance requirements or addressing practical implementation across diverse computing devices.

The Retroactive Decryption Trap: Why Post-Quantum Upgrades Can't Save Your Past Privacy

Guy Zyskind emphasized that the whitepaper reframes the conversation around quantum threats, stating that the traditional 10-year migration window now seems dangerously optimistic given Google's findings.

Information security

Naoris Protocol Deploys Post-Quantum Mainnet to Secure Global Digital Infrastructure

Naoris Protocol launched its Layer 1 mainnet for decentralized post-quantum security, processing over 106 million transactions to combat quantum computing threats.

4 weeks ago

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

fromPinkNews | Latest lesbian, gay, bi and trans news | LGBTQ+ news

Discord users must complete face or ID scans by next month

Discord will require face or government ID age verification by the end of the month, restricting access to graphic or sensitive content for unverified users.

Security boffins harvest bumper crop of API keys from web

Almost 2,000 API credentials were found exposed on 10,000 webpages, posing significant security risks to organizations and critical infrastructure.

fromArs Technica

World ID wants you to put a cryptographically unique human identity behind your AI agents

World ID's Agent Kit enables AI agents to prove human authorization through iris-verified identity tokens, allowing websites to distinguish legitimate automated requests from malicious Sybil attacks.

Breez SDK Launches Passkey Login For Seedless Bitcoin Wallets

Breez SDK now enables self-custodial Bitcoin wallets using passkey authentication instead of seed phrases, reducing barriers to self-custody adoption.

fromwww.scientificamerican.com

How do you prove you know a secret without spilling the beans?

Zero-knowledge proofs can convince others without revealing secrets, and showing a simulator's potential existence can suffice to establish zero-knowledge in some cases.

Webinar Today: Identity Under Attack - Strengthen Your Identity Defenses

Adopt an identity-first security strategy to protect sensitive data, meet compliance requirements, and balance security, user experience, and operational efficiency against identity threats.

Where Multi-Factor Authentication Stops and Credential Abuse Starts

Many Windows authentication paths bypass MFA protections, allowing attackers to compromise networks using valid credentials despite MFA deployment on cloud applications.

fromWIRED

Password Managers Share a Hidden Weakness

An FBI informant helped run the Incognito dark web market and allegedly approved the sale of fentanyl-laced pills, including those from a dealer linked to a confirmed death, WIRED reported this week. Meanwhile, Jeffrey Epstein's ties to Customs and Border Protection officers sparked a Department of Justice probe. Documents say that CBP officers in the US Virgin Islands were still friendly with Epstein years after his 2008 conviction, illustrating the infamous sex offender's tactics for cultivating allies.

Information security

fromSilicon Canals

The global infrastructure of digital ID is being built right now - and nobody voted for it - Silicon Canals

What I walked through wasn't just an immigration gate. It was a node in a rapidly expanding global infrastructure of digital identity, one being constructed at extraordinary speed, across dozens of countries, by a mix of governments, multilateral organizations, and private technology vendors. The people building it believe they are solving real problems: fraud, statelessness, inefficient public services, financial exclusion.

Privacy technologies

#password-security

Information security

Every day in every way, passwords are getting worse

Information security

What if everything you think you know about passwords is wrong? Here's what really makes a strong password in 2026

Information security

Every day in every way, passwords are getting worse

Information security

What if everything you think you know about passwords is wrong? Here's what really makes a strong password in 2026

more#password-security

fromSecuritymagazine

Privilege Disruption: The Key Choke Point for Cyber Deterrence

Privilege disruption early in the attack chain shifts adversary risk-benefit by imposing cost, risk, and uncertainty to deter and deny cyber operations.

fromCointelegraph

Why Privacy Coins Often Appear in Post-Hack Fund Flows

Privacy coins act as a temporary black box in a broader laundering pipeline after hacks, reducing traceability and delaying enforcement while facilitating cash-out attempts.

fromCointelegraph

Why Address Poisoning Works Without Stealing Private Keys

Address poisoning steals funds by manipulating transaction history and exploiting users copying lookalike addresses, not by stealing private keys.

Security in the Dark: Recognizing the Signs of Hidden Information

Withholding accurate or complete data undermines security decisions and increases organizational risk.

fromZDNET

I switched password managers without losing a single login - here's how

Switching password managers involves exporting passwords to CSV and importing them into a new app, then reviewing settings before deleting the old manager.

fromSitePoint Forums | Web Development & Design Community

Is It Safe to Use Virtual Numbers for OTP-Based App Testing?

Virtual phone numbers enable developers to test OTP-based authentication systems safely without exposing personal information or creating account limitations.

SIM Swaps Expose a Critical Flaw in Identity Security

SIM swap attacks exploit structural weaknesses in mobile-based identity verification, allowing criminals to intercept authentication codes and take over accounts by transferring victims' phone numbers to attacker-controlled SIM cards.

Password managers don't protect secrets if pwned

Bitwarden, LastPass, and Dashlane can fail to protect credentials under server-compromise scenarios, allowing disclosure or alteration of user passwords.

fromKotaku

Hackers Raise The Alarm About Discord's Recent Age-Verification Partner - Kotaku

Persona's weak security enabled hackers to access biometric data and revealed extensive surveillance, including facial scanning against watchlists, raising privacy and government-collaboration concerns.

fromComputerworld