authentication

The Death of Identity as We Know It

In “The death of identity as we know it,” Steve Tout discusses the evolving challenges of AI governance, emphasizing that identity must shift from traditional authentication toward authorship and lineage of AI entities like agents, swarms, and digital twins. He highlights the necessity of new governance models that track who creates, trains, authorizes, and controls AI-powered digital representations to ensure accountability, protect institutional knowledge, and prevent misuse as AI becomes integral to enterprise decision-making.

https://www.cio.com/article/4170235/the-death-of-identity-as-we-know-it.html

What CISOs Need to Get Right as Identity Enters the Agentic Era

As agentic AI identities rapidly increase, CISOs face new security challenges in managing and securing both human and non-human identities within enterprises. Experts Dustin Wilcox and Michael Adams advise adopting an identity-first security model that emphasizes continuous verification, strong identity hygiene, inventorying non-human identities, and evolving beyond traditional MFA to address expanded attack surfaces and behavioral signal erosion. This shift is critical as identity becomes the primary control plane for security in the AI era, requiring CISOs to rethink frameworks and focus on intent-based access and real-time monitoring.

https://www.cio.com/article/4164014/what-cisos-need-to-get-right-as-identity-enters-the-agentic-era-2.html

Understanding Passkeys

The article explores the concept of passkeys as a modern authentication method based on cryptographic key pairs managed by authenticators, offering benefits like phishing resistance, improved security, and ease of use over traditional passwords. It clarifies common misconceptions, such as the risk of being locked out if a device is lost and how passkeys relate to two-factor authentication, and shares personal experiences using passkeys with various services, highlighting both usability and security considerations. Ultimately, the author advocates for adopting passkeys—especially via password managers—as a convenient and secure replacement for passwords and encourages better security hygiene.

https://marending.dev/notes/passkeys/

Where Multi-Factor Authentication Stops and Credential Abuse Starts

MFA often fails in Windows environments due to reliance on Active Directory for logins, allowing attackers to exploit valid credentials. Key vulnerabilities include local logins, RDP access, legacy NTLM, Kerberos ticket abuse, local admin credential reuse, SMB authentication, and unmonitored service accounts. To mitigate these risks, organizations should enforce strong password policies, block compromised passwords, limit legacy protocols, and audit service accounts. Effective tools like Specops can enhance security against credential abuse.

https://thehackernews.com/2026/03/where-multi-factor-authentication-stops.html

Rising Identity Complexity: How CISOs Can Prevent It From Becoming an Attacker’s Roadmap

The identity surface has expanded dramatically, encompassing employees, contractors, machines, and cloud workloads, making identity management a critical security concern. IAM has evolved from an administrative utility to a proactive defense layer, integrating with security operations to detect and respond to identity-based threats. A threat-aware IAM strategy focuses on continuous posture assessment, attack path analysis, and automated mitigation to protect against credential misuse and privilege escalation.

https://thenewstack.io/ciso-identity-complexity-strategy/

Passwords Are Where PCI DSS Compliance Often Breaks Down

Extreme TLDR: PCI DSS compliance often fails due to poor password practices, like reuse and insecure storage. Enhanced training on password management and using password managers can improve compliance. These tools support key requirements, reduce risky behaviors, and should be integrated into employee onboarding to make secure practices routine. Compliance becomes easier when secure password handling is a default behavior.

https://www.helpnetsecurity.com/2026/01/08/passwords-pci-dds-compliance/

NIS2 Compliance: How to Get Passwords and MFA Right

The NIS2 Directive mandates improved cybersecurity for EU organizations, focusing on access control and password policies. It applies to medium and large entities in critical sectors, with penalties for non-compliance, and emphasizes strong authentication measures. Recommendations include using long passphrases, avoiding mandatory password rotations, implementing multi-factor authentication (MFA), and educating users on security practices. Key steps include auditing password policies, deploying password management solutions, and monitoring for breaches to align effectively with NIS2 compliance.

https://www.bleepingcomputer.com/news/security/nis2-compliance-how-to-get-passwords-and-mfa-right/

The Rise of Centralized IAM: Managing Identities in a Digital World

Centralized Identity and Access Management (IAM) is crucial for managing both human and Non-Human Identities (NHIs) in a fast-evolving cybersecurity landscape. The article debunks common myths: that a single IAM platform cannot be effective, that NHIs do not need IAM, and that unified IAM sacrifices security for convenience. Modern centralized IAM can effectively manage all identities, ensuring secure access and compliance with regulations. Advanced IAM technology integrates management of NHIs, applying best practices such as secure credential storage and least-privilege access to enhance security while simplifying processes for administrators.

https://hackernoon.com/the-rise-of-centralized-iam-managing-identities-in-a-digital-world

Phishing, Privileges and Passwords: Why Identity Is Critical to Improving Cybersecurity Posture

TLDR: Identity is crucial in cybersecurity; breaches at M&S and Co-op highlight vulnerabilities. Modern attacks exploit cloud and remote work. Protect identity through least privilege access, strong passwords, MFA, and active account management. Embrace Zero Trust and managed detection response for security.

https://www.welivesecurity.com/en/business-security/phishing-privileges-passwords-identity-cybersecurity-posture/

Death to One-time Text Codes: Passkeys Are the New Hotness

Passkeys revolutionize MFA, phasing out vulnerable one-time passwords. Passkeys replace passwords with cryptographic key pairs for stronger authentication, preventing phishing attacks. Major platforms like Apple and Google support them, demonstrating high adoption rates among organizations. Passkeys improve sign-in success rates and reduce helpdesk incidents, yet usability challenges persist, especially across different operating systems. Ultimately, they represent a significant advancement in secure online identity verification.

https://www.theregister.com/2025/12/06/multifactor_authentication_passkeys/