Operate multiple accounts with single password
March 2nd, 2010 - 3:41 pm ICT by IANS
Sydney, March 2 (IANS) A little-used internet authentication system from the 1980s could enable web users to securely log in only once per internet session, says a new study.
PhD researcher S. Suriadi from Queensland University of Technology (QUT) Information Security Institute said a secure single sign-on system was more than simply using the same password for multiple accounts.
Suriadi said any future single sign-on system, which could potentially give web users access to a multitude of accounts, including e-mail, bank and shopping, would require extreme privacy to avoid information spies and account hackers.
“Single sign-on systems are already being used by organisations,” he said. “For example, a bank could link their internet banking site to an online trading site, thus relieving users from having to perform an extra log in step.
“However, if one of the parties is compromised, for example by a virus, a ‘denial of service’ attack or insecure set-up, it puts all the user’s linked accounts at risk.”
Suriadi said his research investigated a little-used “anonymous credential system”, which dates back to the 1980s, but recently received renewed interest from the research community.
“Using this credential system, we could enhance the security and privacy of a single sign-on system,” he said.
“The system works by revealing as little information about who you are as necessary for logging into an account, therefore allowing you to remain anonymous.
“This way, a company wouldn’t be able to track your shopping habits and target spam or marketing at you. This method could also confirm you are over 18 and not reveal your birthday.”
Suriadi said a single sign-on system backed by the anonymous credential system required the cooperation of businesses and organisations to enable it.
“One use of this could be for the research community, with online libraries and databases applying the anonymous credential system so that the privacy of researchers can be preserved,” he said, according to a QUT release.