Copyright 2025 Flare Systems, Inc.

For Practitioners, Written by Practitioners

Identity Security eBook

Learn about the history, breaches, and techniques that made identity the primary attack surface, and where it’s heading next.

Understand the History to See Where Identity Security is Heading Next

The center of gravity in threat intelligence has shifted over the last decade. The incidents that cause the most damage today almost always pivot on the same thing: stolen, forged, or mismanaged identity material. Understanding these incidents gives you a strong foundation for reacting quickly and mitigating threats.

Get the eBook
Dive Into the Four Eras of Identity Security
Understand How to Break the Identity Kill Chain
Check Off the Four-Step Checklist for Security Practitioners 

From Password Hashes to AI Agent Tokens: What Attackers Actually Steal in Each Era

1990s

NTLM Hash

Lifetime: Until password change

Scope: Single domain

Bearer?: Yes (PtH)

MFA Relation: N/A

2000s

Kerberos TGT

Lifetime: 10 hours (default)

Scope: Domain / cross-domain trusts

Bearer?: Yes (PtT)

MFA Relation: N/A

2005+

SAML Assertion

Lifetime: Minutes (configurable)

Scope: Federated services

Bearer?: Yes

MFA Relation: Bypassed by Golden SAML

2012+

OAuth Token

Lifetime: 1h access / days refresh

Scope: Per-app scopes

Bearer?: Yes (default)

MFA Relation: Bypassed by token theft

2015+

PRT / Session

Lifetime: 14 days (renewable)

Scope: All IdP-integrated apps

Bearer?: Device-bound (TPM)

MFA Relation: Embeds MFA claim

2024+

AI Agent Token

Lifetime: Often non-expiring

Scope: Multi-service / autonomous

Bearer?: Yes (typically)

MFA Relation: No human in loop

← Shorter-lived, narrower scope  -  Longer-lived, broader scope, less human oversight →