Saturday, March 6, 2010

Single sign-on system for Internet session?

The safe way to use one Internet password

Queensland University of Technology (QUT) Ph.D. researcher Suriadi is investigating using an anonymous credential system, an Internet authentication system from the 1980s, to enable Web users to securely log in only once per Internet session. Suriadi says future single sign-on systems could give users access to multiple accounts--including email, bank, and shopping--but would need to provide extreme privacy to avoid hackers.

He says the anonymous credential system could enhance the security and privacy of a single sign-on system. "The system works by revealing as little information about who you are as necessary for logging into an account, therefore allowing you to remain anonymous," Suriadi says. A single sign-on system backed by the anonymous credential system requires the cooperation of business and organizations to enable it, Suriadi notes.

"However, if one of the parties is compromised, for example by a virus, a 'denial of service' attack or insecure set-up, it puts all the user's linked accounts at risk."

Refer here to read more details.

No comments: