Account or credential stuffing is an attack in which the attacker tries out stolen credentials, usually username / email address and password, on many different websites. This attack can be automated by tools for automation in the web area, such as Selenium, curl or PhantomJS, or special tools such as SNIPR or STORM. This attack […]
Phishing refers to attempts to impersonate a trustworthy communication partner via fake websites, e-mails or other messages in order to obtain personal data, for example. As a result, for example account theft or identity theft can be committed or malware can be installed. Phishing is one of the social engineering attacks that exploit the victims’ […]
As everywhere in IT security, it is also important in identity management that a measure is both secure and usable. Users can get creative if something is too time-consuming, annoying or otherwise impractical for them. Is there too many steps to authenticate on the notebook? Then the screen is not locked. Does the screen need […]
In this example, the nerdhorn is both parent and partner and therefore has other functions, authorizations and tasks to do. As in normal life, digital identities have different roles. Associated with these roles are permissions. Users can have several user roles. A typical concept that implements this is RBAC, Role Based Access Control. Often the […]
Single Sign-On (SSO) describes the one-time authentication of a user, whereby he or she is authorized to use all associated services without having to authenticate again. SSO is often implemented in companies. If the user changes the device (e.g. from computer to tablet), the authentication is of course no longer necessary. SSO has the advantage […]