The Internet Identity Workshop meets twice a year and publishes proceedings for those who were unable to join. IIW34 was held at the end of April, and our own Heather Flanagan led a topic entitled “What do you wish you’d known when you first started in identity?”, which is a topic near and dear to all of us in IDPro. Here’s a quick overview of some of the thoughts participants came up with (I deliberately did not edit the bullets captured from the whiteboard):

Wish I’d been there for the live discussion! These are some of the same challenges we’ve all had throughout our careers. Fortunately, we now have IDPro to help newcomers to the identity and access management industry with some of these challenges, starting with our Body of Knowledge, which addresses many of the questions above.

The green statement added to the first bullet stating that there’s “always a new context to solve for” especially rang true for me. This is a workspace that is constantly evolving, and you’re never really “done”.  That definitely feeds into the “Don’t worry solve everything” idea. Huh? Wait, what? Had to check with Heather on that one, and in the heat of the moment, words were missed on the whiteboard. The discussion actually went along the lines of “Don’t worry about solving for everything; every process is an evolution.” Okay, that makes more sense. To look at identity from an agile perspective, this is clearly a practice that benefits from iteration as new contexts continually show up.

Not captured on the whiteboard, but every bit as relevant, IDPro member Joe Andrieu said “I wish I knew that identity is how we recognize, remember, and respond to specific people and things. I also wish I knew that different people have fundamentally different mental models of what identity means. And we often talk past each other even as we honestly try to communicate.” So true! He also shared links to his Functional Identity Primer and Five Mental Models of Identity articles with the group. Definitely worth a read, folks!

What else do you wish you’d known when you got started in this space? Let us know in our Slack workspace and keep the conversation going.

Greg Smith

Chair, IDPro Editorial

Radiant Logic

Greg Smith is a Solutions Architect with Radiant Logic. He has been implementing Identity & Access Management solutions for over 35 years. He holds BSEG and MSBA degrees from Bucknell University, where he also began his professional career before moving into the Pharmaceutical industry in 1996. After a 25 year career there, he recently retired from Johnson & Johnson, where he led the engineering team for J&J’s single sign-on, risk based authentication, multi-factor authentication, access governance, directory synchronization and virtualization, provisioning automation, and PKI services. He has spoken at Identiverse® and other industry events on numerous occasions. He was recently CIDPRO certified and is also a founding member of IDPro, where he currently chairs the editorial committee.

The post What do you wish you’d known when you first started in identity? appeared first on IDPro.

These packages include one Identiverse event ticket, donated by Identiverse, and up to $1,000 for expense reimbursement, fully funded by generous donations from IDPro members.

“We are excited to be able to offer these Diversity & Inclusion Packages to the identity community. I have been a firsthand witness to the impact these values are having on this industry and am very proud of our organization for being able to support this effort.” — Heather Vescent, Executive Director and President of IDPro.

To be considered, please submit a personal statement of no more than 300 words to director@idpro.org by 11:59 PM PDT on June 7, 2022. Your personal statement should answer the following questions:

1. Can you please share a little bit about your background?
2. How did your interest in identity come about?
3. What do you hope to learn at Identiverse 2022?
4. Why are diversity and inclusion important to you?
5. Are you willing to write a brief blog post or be interviewed about what you learn at Identiverse 2022? 

Please include any social media links in your personal statement. 

Our vision at IDPro drives us toward enabling a diverse, supportive, and inclusive identity community and we are grateful for our dedicated members who are helping us achieve this important goal. We look forward to reviewing your submissions and we hope to see you at Identiverse 2022!

The post Announcing IDPro®’s Diversity & Inclusion Packages for Identiverse® 2022! appeared first on IDPro.

We asked the IDPro community to share their thoughts on password safety and they didn’t hold back! 

“Use a different password for each site and use a password manager to generate and keep track of them all.” – Greg Smith

“When using passwords: self-service password reset is a must have. If MFA is not available, the ‘password forgotten’ email reset is a low-budget version of MFA.” – Andre Koot (@meneer)

“Don’t generate your own passwords. People are bad at being random. Have a computer generate it and either memorize it or use a password manager. If you can – especially if you need to memorize it – use a wordlist generator to create a very long but human-memorable password. Pro tip: if a site lets you have a long password with spaces but still has archaic complexity requirements, create a long wordlist password then append ‘Aa1!’ to the end of it to hit all the character classes.” – Justin Richer (@justin__richer)

“If you must use passwords, one trick is to use the hash of your password instead, salted with the domain. That way, it’s reproducible but still reasonably ‘random.’ It’s reproducible given your unique knowledge of the passphrase and uniquely salted for the particular website. This way you don’t have to store it in a password manager. If there is a character limit, use either the largest portion that the website will allow or some standard number of characters, or follow an algorithm. For example: google.com is 10 characters, so use the first 10… 

$ openssl passwd -6 -salt ‘google.com’ ‘correct battery horse staple’ | cut -d’$’ -f4 | cut -c 1-10

Be sure to consider command line history if you adopt this method, though.” – Shannon Roddy

“When possible, don’t use passwords at all. With the imminent introduction of FIDO’s multi-device credentials, it will be easier than ever to leave those relics behind. This time, it’s really happening!” – Vittorio Bertocci (@vibronet)

“If it was up to me, I would introduce a minute of silence on World Password Day for all the forgotten passwords as part of breaches – followed by a demonstration of hate for passwords organized by the MFA (Movement For ‘better’ Authentication). I would finish the day by unsubscribing to a service provider I no longer use to reduce the storage needs for my password manager…and celebrate Cinco de Mayo!” – Elie Azerad (@ElieAzerad)

Learn more about World Password Day and share your thoughts with us on Twitter. And be sure to #LayerUp!  

The post Observe World Password Day With the IDPro® Pros! appeared first on IDPro.