Passwords the Achilles Heel of SSO
- Author Bill Steiner
- Published June 3, 2012
- Word count 665
Single Sign On (SSO) has become an obvious solution to the challenges users face with passwords. According to a recent Microsoft study, participants averaged around twenty-five (25) accounts and used about 6 passwords across those accounts. The gifted few who can remember a different password for twenty-five (25) online accounts have gained my enduring respect. For most of us, however, remembering passwords is not practical. We document passwords in our little black books (phones these days), figure out some obvious pattern for our passwords, or reset passwords when we need to gain access to accounts. All these techniques lead to less secure access, not more secure accounts. SSO solves the recall problem in exchange for others.
With SSO, there is a single password to remember and a single point of failure. Once someone or something else obtains the SSO account information, all the participating accounts are compromised. To be fair, however, SSO is convenient if you want to pass all your account access to another person while you are on vacation and can’t monitor online activities.
Fundamentally, we all agree the password is no longer practical. First and foremost, the password gives no indication of who is getting account access. Protecting multiple password-protected accounts with another password is the subject of a mind-bending paper I have planned for the future. It seems that after fifty years of passwords and growth in cybercrime, something better than a password should be used to protect passwords.
What we really want to do is identify the subject logging in. The basic ingredients of identification are obvious.
Most of us have some sort of government-issued photo identification; a driver’s license is something I have. Thankfully, when I’m pulled over, law enforcement can check to see if the information on the license matches the issuer’s data. The token, widely used in two-factor authentication, models this behavior with the added twist of having the number change periodically and frequently. Unfortunately, the token can’t look into my eyes and compare the picture sent back to the officer from the station. Perhaps even worse, information from tokens can be easily communicated at the time of login, the token can be loaned, and the passcode can be intercepted.
Another ingredient is the knowledge-based question: something only I should know. What street address is familiar to me? A pretty good question, except that anyone who has a browser and a few dollars can get all my previous addresses, phones, etc. Most importantly, having the answer to this information proves that at least two entities have the information, and therefore it does not identify who is gaining account access. Unfortunately, most knowledge-based questions are not real time.
Finally, biometrics offers a way to determine who is logging in. SSO can benefit from uniquely identifying the user at every login. Now the question: is it live or Memorex (a recording)? To determine if it’s live, there must be unique real-time information collected at login. When using voice, the user must say something they have never said before, and the authenticating system must ensure that the subject spoke the required words.
SSO can be a significant step towards alleviating the pain of passwords if it avoids being a single point of failure. Conclusively identifying the subject at every login not only ensures no one else can gain access to the account, but also prevents insiders from passing credentials and denying involvement.
Sovay multifactor-multichannel authentication employs biometrics to make sure it’s the subject speaking. Speech recognition is employed to make sure the subject speaks the correct response, including a knowledge answer and a random phrase unique to each login attempt. And to make sure only the subject knows what to say, SMS is used so hackers can’t get access to the prompt. All this is captured in a few seconds using commodity webcams and microphones.
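The "say something you have never said before" requirement comes down to a fresh, single-use, short-lived challenge. The sketch below is an added example, not Veritrix or Sovay code: the `PhraseChallenges` class, the word list and the result strings are assumptions, the transcript is assumed to come from a speech recognizer, and speaker (biometric) matching is out of scope.

```python
import hmac
import secrets
import time

# Constructed word list for illustration only; 16 words x 4 picks is far too
# little entropy for production, where a much larger list would be used.
WORDS = ["amber", "bridge", "copper", "delta", "ember", "falcon", "garnet",
         "harbor", "indigo", "juniper", "kestrel", "lantern", "meadow",
         "nickel", "orchid", "pebble"]


class PhraseChallenges:
    """Issues one-time spoken-phrase challenges and checks the transcript."""

    def __init__(self, ttl_seconds=60, words_per_phrase=4, clock=time.monotonic):
        self.ttl = ttl_seconds
        self.words_per_phrase = words_per_phrase
        self.clock = clock
        self._pending = {}  # challenge id -> (user, phrase, expiry)

    def issue(self, user):
        """Create a random phrase bound to one user and one login attempt."""
        phrase = " ".join(secrets.choice(WORDS)
                          for _ in range(self.words_per_phrase))
        cid = secrets.token_urlsafe(16)
        self._pending[cid] = (user, phrase, self.clock() + self.ttl)
        # The phrase is sent out-of-band (e.g. SMS); only cid goes to the login page.
        return cid, phrase

    def verify(self, cid, user, transcript):
        """Check a recognized transcript against the pending challenge."""
        # pop() makes the challenge single use, even when verification fails,
        # so a recording of an earlier login cannot be replayed.
        entry = self._pending.pop(cid, None)
        if entry is None:
            return "unknown-or-replayed"
        owner, phrase, expiry = entry
        if self.clock() > expiry:
            return "expired"
        if owner != user:
            return "wrong-user"
        said = " ".join(transcript.lower().split())  # normalize case and spacing
        if not hmac.compare_digest(said.encode(), phrase.encode()):
            return "mismatch"
        return "ok"
```

A result of `"ok"` only establishes that the required words were spoken for this attempt; the biometric comparison decides whether the right person spoke them.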
Contact Veritrix to learn more about our enterprise class secure authentication and find out who is logging in.
To learn more about Biometric User Authentication, please browse Biometric User Authentication.
Article source: https://articlebiz.com