Most of us have to identify ourselves in many different places nowadays. We may have multiple accounts across the web, or even multiple accounts within one organization. The idea of Single Sign On is that we authenticate ourselves once, and then everywhere else we go knows who we are. How convenient. Why identify yourself over and over again?
Well, I'm the grumpy old man again here. Yes, SSO is convenient. So is having no authentication at all. Convenience always lessens security, and that is why I am no fan of any of this. At least not until there is some absolutely foolproof, non-exploitable method of authentication. Until then, any time you let one authentication serve for multiple resources, you have lessened your security and increased your chances of unauthorized access to those resources.
Because people are lazy, they'll choose convenience over security every time. And that basic fact is the major source of most of our virus/spam/spyware problems today. There is something to be said for "hard to use", "unfriendly" systems where your typical user can't do anything without help. When no intelligence or intellectual effort is required, security suffers.
© 2012-07-20 Tony Lawrence