printer friendly version

Universal password authentication

More research and development is necessary for the concept of universal password authentication systems to work.

Universal password authentication systems that allow users to log in once and then hop between websites may just be the answer for those who are unable to remember the various user names and passwords they have established to access different sites on the net.

However, remembering different passwords and user names may just be the safer bet - for now anyway.

This is the opinion of Dries Morris, director of specialist IT security management and consulting company, Securicom.

He says that for a universal authentication system to work, much stronger authentication -and possibly the introduction of biometrics as an extra layer of authentication - would have to be considered.

"Such a system would have to be designed and configured to provide multiple layers of authentication between various institutions and would definitely have to encompass very powerful encryption (AES).

"Without these, universal password authentication poses some obvious security risks," says Morris.

Morris' primary concern is that should a user's single login or authentication be compromised, the hacker would have access to everything, from banking details, to e-mail and online retail accounts.

"We all know that there is really no such thing as a 100% secure environment, just those that have yet to be compromised.

"Incidents of identity theft and fraud are already on the rise and the nature of the threat has changed from being purely malicious to being revenue-driven. While signing in once to access various sites may be more convenient for users, it will also make the work of dubious and ever-evolving crackers so much easier," says Morris.

He points out that full co-operation between various institutions, such as banks and retailers, would also be necessary for the system to be truly universal.

At the same time, Morris believes that universal password authentication is an exciting concept.

"The concept, in its infancy at this stage, definitely warrants further research and development. I believe that universal authentication systems could eventually become the standard, if not globally, then certainly within select markets," he concludes.

Share this article:

Further reading: