Website
http://dmiessler.com/
Original page
http://dmiessler.com/blog/the-connected-web-why-its-time-for-strong-authentication
Popular Threads
Your argument that single sign-on increases the impact of an account compromise is flawed. Almost all web-based authentication mechanisms bind to a user's e-mail address to give some assurance that the user is a unique person and, more importantly, to allow for password recovery.
Right now the vast majority of users have a primary e-mail address through which they register most, if not all, of their accounts, hence a single point of failure already exists. Compromising a single e-mail password will give an attacker access to just about every account an individual has registered for via password recovery.
If your argument is that we should use two-factor authentication because a single password is all that stands between an attacker and all of a user's various accounts, then we should ALREADY be using two-factor authentication. Single sign-on does not introduce any risks that aren't already inherent in web authentication; it is simply easier to discern that a single point of failure exists.
I agree that password recovery is a similar weak link, but I don't agree that the introduction of SSO doesn't make compromise more serious.
There is a difference between vulnerabilities that exist and vulnerabilities that are likely to be exploited, and while the password recovery vector is real, it's far less likely to be taken advantage of just because it's not as intuitive and visible.
The probability of exploitation of the SSO vulnerability is much higher, therefore the overall risk is higher as well. But I agree, this is mostly due to the fact that the SSO issue is more visible and less because it's fundamentally different from weak password security on e-mail accounts.
Consider how esoteric and technically difficult exploiting various browser bugs is, and even how much effort is required to effectively leverage buffer overruns. Engineering exploits using these vulnerabilities requires significant technical knowledge and insight, yet we frequently see real-world working attacks based on these vectors. Worse still, once the knowledge and code for how to exploit these vulnerabilities are released into the wild, it becomes almost trivial for someone less skilled to leverage the same attack vector.
There is no technical difference between weak OpenID passwords and weak e-mail passwords. They can be leveraged in the same fashion, and it just requires the simple insight that having access to someone's e-mail account allows you to recover their passwords.
Just because the public in general is less aware of this issue doesn't make it any less real. Counting on the ignorance of a malicious attacker doesn't seem like a good idea.
Two-factor authentication is obviously preferred, but I don't agree with your argument that single sign-on exposes users to higher risks, hence we should reinforce security. The same vulnerability and risk already exist in web authentication, hence the question is more "why are we currently not using two-factor authentication?" rather than "we now have increased risk, hence we should use two-factor authentication."
Only a single password protects us now, so what has stopped the spread of two-factor authentication? It seems like a more important question, since the things that have held us back from deploying two-factor authentication en masse in the past will likely hinder us moving forward.
Not because the hole is of a different size, or because it's easier to pass through, but because it's more likely to be noticed and therefore taken advantage of.
Also, the Twitter button above the comment form doesn't work. Clicking it brings up a new window which then disappears. The page reloads and I'm still a 'guest'.