New! Sign up for our free email newsletter.
Science News
from research organizations

The safe way to use one Internet password

Date:
February 26, 2010
Source:
Queensland University of Technology
Summary:
A little-used Internet authentication system from the 1980s could provide the answer for enabling web users to securely sign in only once per Internet session, an Australian researcher has found.
Share:
FULL STORY

A little-used Internet authentication system from the 1980s could provide the answer for enabling web users to securely log in only once per Internet session, a Queensland University of Technology researcher has found.

PhD researcher Suriadi, from QUT's Information Security Institute, said a secure single-sign on system was more than simply using the same password for multiple accounts.

Mr Suriadi said any future single-sign on systems, which could potentially give web users access to a multitude of accounts, including email, bank and shopping, would require extreme privacy to avoid information spies and account hackers.

"Single-sign on systems are already being used by organisations," he said.

"For example, a bank could link their Internet banking site to an online trading site, thus relieving users from having to perform an extra log in step.

"However, if one of the parties is compromised, for example by a virus, a 'denial of service' attack or insecure set-up, it puts all the user's linked accounts at risk."

Mr Suriadi said his research investigated a little-used "anonymous credential system" which dates back to the 1980s, but recently received renewed interest from the research community.

"Using this credential system, we could enhance the security and privacy of a single sign-on system," he said.

"The system works by revealing as little information about who you are as necessary for logging into an account, therefore allowing you to remain anonymous.

"This way, a company wouldn't be able to track your shopping habits and target spam or marketing at you. This method could also confirm you are over 18 and not reveal your birthday."

Mr Suriadi said a single sign-on system backed by the anonymous credential system required the cooperation of businesses and organisations to enable it.

"One use of this could be for the research community, with online libraries and databases applying the anonymous credential system so that the privacy of researchers can be preserved," he said.

"This would be useful for people researching sensitive issues."

Mr Suriadi said for the purposes of accountability, such a system would also allow authorities to revoke users' anonymity in cases of illegal activity.


Story Source:

Materials provided by Queensland University of Technology. Note: Content may be edited for style and length.


Cite This Page:

Queensland University of Technology. "The safe way to use one Internet password." ScienceDaily. ScienceDaily, 26 February 2010. <www.sciencedaily.com/releases/2010/02/100225091348.htm>.
Queensland University of Technology. (2010, February 26). The safe way to use one Internet password. ScienceDaily. Retrieved November 22, 2024 from www.sciencedaily.com/releases/2010/02/100225091348.htm
Queensland University of Technology. "The safe way to use one Internet password." ScienceDaily. www.sciencedaily.com/releases/2010/02/100225091348.htm (accessed November 22, 2024).

Explore More

from ScienceDaily

RELATED STORIES