The Role of Strong Authentication with Single Sign-On (SSO)


We have seen how biometrics eliminate the need for passwords or digital certificates. By removing the need to have a password, we increase both security and user convenience at the same time. At first glance, this seems to be a paradox. Normally, if you increase security, user convenience decreases, such as when implementing stronger password rules. Conversely, if you decrease security, user convenience increases. For example, you would probably surmise that when users have weaker password rules, they are no longer inconvenienced because they can pick an easy-to-remember password. But we have seen that this is not the case. No matter what password rules are used, user convenience and security suffer. This inverse relationship is best illustrated with an application of biometric authentication used in conjunction with single sign-on (SSO).

SSO has been the promised Holy Grail for end-users for many years. One of the greatest weaknesses of SSO is that access to all credentials is protected by a weak method. Historically, SSO software allowed a user to have his/her credentials proxied. To access this credential store, the user would present a password that unlocked the secret store and made it available. Thus, if the user picked a weak password, the whole secret store could be compromised. If the user picked a strong password, the amount of convenience from the SSO was traded off against the difficulty of remembering the password. Thus, the user would write the password down and/or share it. This gave SSO a bad reputation, but in reality, it was authentication technology that was not where it needed to be.

Today's authentication technology has caught up to SSO and many vendors are currently offering strong authentication options to be used in conjunction with SSO. If a user could strongly authenticate to the secret store, could the SSO software, in turn, not use stronger passwords? Some of the better SSO packages offer the ability for the software to randomize the stored credentials. Thus, the user no longer needs to remember a password as he/she strongly authenticates, and the passwords provided by the secret store are now stronger because they are randomized. SSO seems to provide to biometrics the "killer application" that every new technology needs to make it mainstream. In our case, mainstream is the corporate enterprise.
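The following Python example is added here and is not code from the book: it models a secret store that is released only after a strong-authentication check and then replaces user-chosen passwords with random ones. `SecretStore`, the `strong_auth` matcher callback and the `change_password` hook are hypothetical names standing in for a vendor's biometric matcher and each application's own password-change interface.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"

def random_credential(length=24):
    """Generate a credential the user never has to see or remember."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random string (not valid for human-chosen passwords)."""
    return length * math.log2(alphabet_size)

class SecretStore:
    """Hypothetical SSO secret store, released only after strong authentication."""

    def __init__(self, strong_auth, credentials):
        self._strong_auth = strong_auth        # assumed: callable(user, sample) -> bool
        self._credentials = dict(credentials)  # application name -> stored password
        self._unlocked_for = None

    def unlock(self, user, sample):
        self._unlocked_for = user if self._strong_auth(user, sample) else None
        return self._unlocked_for is not None

    def get(self, app):
        if self._unlocked_for is None:
            raise PermissionError("secret store is locked")
        return self._credentials[app]

    def randomize(self, change_password):
        """Rotate every stored credential. change_password(app, old, new) -> bool
        is an assumed hook for the application's password-change interface."""
        if self._unlocked_for is None:
            raise PermissionError("secret store is locked")
        rotated = []
        for app, old in self._credentials.items():
            new = random_credential()
            if change_password(app, old, new):  # keep only what the app accepted
                self._credentials[app] = new
                rotated.append(app)
        return rotated

if __name__ == "__main__":
    # Constructed sample data: a stub matcher and two user-chosen passwords.
    store = SecretStore(lambda u, s: s == "match", {"mail": "Summer2003", "hr": "fluffy"})
    store.unlock("alice", "match")
    print(store.randomize(lambda app, old, new: True), round(entropy_bits(24)), "bits")
```

A credential is replaced in the store only after the application accepts the change, so a rejected rotation leaves the working password in place instead of locking the user out.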



Biometrics for Network Security (Prentice Hall Series in Computer Networking and Distributed)
ISBN: 0131015494
EAN: 2147483647
Year: 2003
Pages: 123
Authors: Paul Reid
