Menu
 Home
 Local News    
 Global News
 Technical & Product News
 Opinions
 Contact Us
 Subscribe/Unsubscribe
 
 Publications
 ICT World
 Cable Talk
 Computing S.A.
 Network World
 The Channel
 IT users handbook
 
 Sponsors
 ICT World Company Directory
 
 Partners
 CareerJunction
 Johnnic Mag Division
 
 Privacy Policy
 Privacy Policy
 
   
   

Universal password authentication systems - more R&D is necessary

Date: 12 July 2006
Issue: One Hundred and ninety four (10/7/06 - 14/7/06)
(ICT World)
Category: Opinions
Universal password authentication systems, which allow users to log in once and then hop between Web sites, may just be the answer for those who are unable to remember the various user names and passwords that they have established to access different sites on the 'Net.

However, remembering different passwords and user names may just be the safer bet for now anyway.

This is the opinion of Dries Morris, director of specialist IT security management and consulting company, Securicom.

He says that for a universal authentication system to work, much stronger authentication and possibly the introduction of biometrics as an extra layer of authentication would have to be considered.

Such a system would have to be designed and configured to provide multiple layers of authentication between various institutions, and would definitely have to encompass very powerful encryption (AES).

Without these, universal password authentication poses some obvious security risks, says Morris.

Morris primary concern is that should a users single login or authentication be compromised, the hacker would have access to everything, from banking details, to e-mail and online retail accounts.

We all know that there is really no such thing as a 100% secure environment, just those that have yet to be compromised.

Incidents of identity theft and fraud are already on the rise, and the nature of the threat has changed from being purely malicious to being revenue-driven. While signing in once to access various sites may be more convenient for users, it will also make the work of dubious and ever-evolving crackers so much easier, says Morris.

He points out that full co-operation between various institutions, such as banks and retailers, would also be necessary for the system to be truly universal.

At the same time, Morris believes that universal password authentication is an exciting concept.

The concept, in its infancy at this stage, definitely warrants further research and development. I believe that universal authentication systems could eventually become the standard, if not globally, then certainly within select markets, he concludes.