WinMagic Data Security Blog

After the Login: Our CEO on What Should Protect Every Transaction You Make Next

Every World Password Day, the conversation lands in the same place. Stronger passwords. More MFA. Passkeys. All of it is good progress, and all of it is about the login.  Our founder and CEO, Thi Nguyen-Huu, wanted to ask a different question. Once you have logged in, what protects everything you do after that? His…

Identity for the Agentic Era

In Trustworthy Agents in Practice (April 9, 2026), Anthropic made an observation the rest of the security industry has been reluctant to make plainly: “agents’ behavior depends on all four layers working together. A well-trained model can still be exploited through a poorly configured harness, an overly permissive tool, or an exposed environment.” The paper…

Beyond Passkeys: Why Identity Needs to Live in the Present Tense

The cybersecurity industry has spent twenty years sharpening one moment: login. Passwords gave way to MFA. MFA gave way to passkeys. Each step was real progress. None of them changed the underlying architecture. That architecture treats authentication as a moment. A user proves who they are at the door. The system trusts them for hours…

YellowKey: A New BitLocker Attack That Shouldn’t Surprise Anyone

A researcher operating as Chaotic Eclipse (Nightmare-Eclipse on GitHub) published a zero-day exploit this week called YellowKey. It bypasses TPM-only BitLocker. All that’s needed is a USB stick and a few files. With this, the attacker can reboot into the Windows Recovery Environment which will open an elevated command prompt with the encrypted drive unlocked. WinMagic has validated that this works as described. Researchers also claim a variant that defeats TPM+PIN exists, though…

A note on World Passkey Day

Today the FIDO Alliance has earned its applause. Over a decade of effort, and the world is finally taking the death of the password seriously. That is not a small thing, and I do not want to start by being grudging about it. Passwords were never the right primitive for the online world, and the…
Zero Trust operational technology

Zero Trust for Operational Technology: Identity Must Live in the Transaction

CISA is right that Zero Trust must extend to operational technology. The harder question — the one the guidance does not yet answer — is what identity should look like in environments where networks are intermittent, latency is unacceptable, and credentials cannot be replayed. Our position is that identity must live in the transaction itself.…

Why FIPS Matters Differently When the Endpoint Is the Authenticator

What changes when cryptographic validation stops being about data on a disk and starts being about identity in a transaction  WinMagic recently announced FIPS 140-3 validation for SecureDoc and MagicEndpoint (Certificates #5204 and #5214). For anyone familiar with full-disk encryption, the Federal Information Processing Standards (FIPS) 140 certification is expected — proof that cryptographic operations meet a federally…
WinMagic CEO Thi Nguyen-Huu featured in The Fast Mode on endpoint encryption as the missing foundation of zero trust

Why Endpoint Encryption Is the Missing Foundation of Zero Trust

Your endpoints already have the hardware to verify and prove device and user integrity continuously. The industry just has not been using them correctly. The cybersecurity industry has been looking at the endpoint backwards. The prevailing view treats endpoints as vulnerabilities to be locked down. In his interview to the Fast Mode, our Founder and…
The Flaw in Modern Passwordless Authentication

The Flaw in Modern Passwordless Authentication

The architectural flaw behind trillions of online transactions every day — and the fix that is already possible today. The passwordless authentication protocols we rely on trillions of times a day have a fundamental flaw. Correcting it eliminates phishing, session hijacking, and AI-driven attacks — with no user action at all. This is the argument…

Electronic Signatures vs. Digital Signatures: What Most Businesses Get Wrong

Not all electronic signatures are created equal. As WinMagic CEO Thi Nguyen-Huu puts it during his interview with Forbes: “A simple electronic signature is just an image of ink on a screen. A true digital signature is pure math, legally and cryptographically binding an identity to a file.” The efficiency benefits of e-signatures are well…
keyboard_arrow_up