

Six Authentication Experts You Should Follow


Our recent ebook shows what’s wrong with current password-based authentication technology.

But luckily, there are a few leading experts who are shaping the future of the post-password world. Here are six people you should follow:



1. Lorrie Cranor @lorrietweet

Lorrie Cranor is a password researcher and is currently Chief Technologist at the US Federal Trade Commission. She is primarily responsible for advising the Commission on developing technology and policy matters.

Cranor has authored over 150 research papers on online privacy, usable security, and other topics. She has played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability and founded the Symposium On Usable Privacy and Security.

Prior to the FTC, Cranor was a Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University where she is director of the CyLab Usable Privacy and Security Laboratory (CUPS) and co-director of the MSIT-Privacy Engineering masters program.

Check out Cranor’s tips on how often you should change your password. Also an oldie but goodie is Cranor’s dress made of commonly used passwords.


2. Johannes Ullrich @johullrich

Considered to be one of the 50 most powerful people in Networking by Network World, Johannes Ullrich, Ph.D. is currently Dean of Research for the SANS Technology Institute.

A proponent of biometric authentication, Mr. Ullrich believes it’s a field that is finally gaining traction. He explained in a recent Wired article, “This field is very important because passwords definitely don’t work.” However, he also recognizes barriers before widespread adoption of biometrics.

For instance, while Mr. Ullrich’s latest analysis of the iPhone’s fingerprint sensor was mostly positive, he revealed one big vulnerability: attackers could in theory lift a fingerprint smudge off a stolen iPhone’s glass and then fool the sensor’s imperfect scanner.

Yikes! Better get out my microfiber cleaning cloth.


3. Michelle Mazurek (website)

One of the researchers who brought us the news that a passphrase is just as good as a password with symbols and/or caps is Michelle Mazurek.

She is currently an Assistant Professor of Computer Science at the University of Maryland. Her expertise is in computer security, with an emphasis on human factors.

Her interest resides in understanding security and privacy behaviors and preferences by collecting real data from real users, and then building systems to support those behaviors and preferences.

Check out more of her work on passwords, here.


4. David Birch @dgwbirch

David Birch is a recognized thought leader in two things that still count even in the disruptive digital age: money and identity. In his last book, “Identity is the New Money” he presents a unified theory of where these two essential aspects of modern life are heading.

His thinking on identity is based strongly on the work of Dr. Who. Yes, the hero of the long-running BBC sci-fi show. Fans know that the Doctor has a psychic paper that always provides just the right information for alien bureaucrats.

Birch envisions something similar: a universal credential that would provide just the information that an online service, retailer, or government agency would require to process a transaction. Need to prove that you’re 18 years old, have membership in an organization, or access rights to digital content? In Birch’s view, the technology is now available (primarily through biometrics, cryptography, and wireless) to accomplish all this without accessing a central database using passwords!


5. Mark Burnett @m8urnett

While some might think passwords are on the outs, realistically, we’ll probably continue to use them for years to come. Therefore, we’ll need the expertise of Perfect Passwords author Mark Burnett to help keep our data safe.

This veteran IT security expert regularly blogs on his own personal website and writes articles for sites such as Windows IT Pro and The Register. Also active on social media, he regularly offers ideas on how to improve passwords and authentication.

Check out this fascinating post on how Burnett experimented with his entire family to see if it was really possible to kill the password.


6. Karl Martin @KarlTheMartian

With Ph.D. degrees in Electrical and Computer Engineering, Karl Martin, CEO and Founder of Nymi, created a wristband that analyzes your heartbeat to seamlessly authenticate you when you’re on the computer, smartphone, car and so much more. Skeptics who are concerned about their data and privacy shouldn’t be worried, according to Mr. Martin. He contends that all the data is encrypted at the hardware level and that he created the wristband with Privacy by Design.

In this Wired interview, Martin says that it’s impossible for anyone to trace the signal emitted from the wristband back to the user unless people opt in to allow that access – the default setting is opt-out.

In future versions, if Mr. Martin can get our computers, phones and cars to talk to us with a voice like Scarlett Johansson’s, our lives would be complete.


Cindy Ng


Cindy is the host of the Inside Out Security podcast.

Andy Green


Andy blogs about data privacy and security regulations. He also loves writing about malware threats and what they mean for IT security.

