fanf

Why you want single sign-on

11th Apr 2006 | 19:29

This message contains a good rant about single sign-on:

The fact that "users don't necessarily want to have to manually authenticate each time some service wants authentication" is not the reason we want to promote single sign-on. We don't want the user to manually authenticate every time because doing so trains the user to supply their credentials so frequently that they will not think it is strange when they are asked to provide them to an attacker. The only way to prevent phishing attacks is by training users that they only authenticate in a very small number of circumstances that rarely occur.


Comments {4}

(Deleted comment)

Tony Finch

from: fanf
date: 12th Apr 2006 09:17 (UTC)

Yeah. At work we have a legacy of different passwords for different services, and techies value this because it allows them to partition their privileges. This makes it harder to persuade my colleagues that Kerberos would be a good thing than if we had a legacy of common passwords across services.


(Deleted comment)

Tony Finch

from: fanf
date: 14th Apr 2006 22:56 (UTC)

None that are deployable :-) However, I have heard that it may be possible to set up Kerberos with different credentials for different privilege levels, though I have no details.
