Single sign-on not so sexy
The trend for federated login is actually decreasing security, says Richard Moore
The slow death of the use of multiple passwords for online logins and accounts is creating potentially costly security risks.
The use of federated login, a small set of master passwords, perhaps related to social networking credentials, is being touted by many but simply exposes a wider range of personal online activity to theft or misuse. That is unless attitudes to passwords and security change quickly.
Weak password security, the need for improved technology, and a need for people to be more careful about sharing their passwords are major issues and have to be addressed.
Although there are fewer passwords to remember, most of those chosen are simply not strong enough.
Online banking often uses two-factor authentication (2FA). However, in the rest of our online lives, passwords and security issues tend to be largely disregarded. People should treat their login details with the same care as their bank details.
We have seen that unthinking online behaviour can have serious consequences. Allegations on Twitter and posts on Facebook are often open to legal action – how much more worrying is it if someone uses your password and Facebook account to make illegal allegations?
So using one master key to an individual's online activity will create major risks – until public awareness of the dangers catches up.
People often share passwords with friends or relatives. Some say it is a sign of trust or commitment. This is understandable – until something goes wrong.
Federated login – as when using interconnected Google and Facebook accounts – must be combined with 2FA, with the latter supported by, say, a mobile phone and a known fact about the user. This would be a step forward for e-safety.
However, the next 12 months could be difficult. The pace of innovation in IT is extremely rapid, and even where the aims of the market in general coincide with the goal of e-safety, we do not always see immediate benefits.
For example, right now we are moving to put all our eggs in one basket, which is fine so long as we implement stage two: keeping a sharp eye on that basket.
Eventually, we will see 2FA moving from banking into the rest of the consumer space.
Richard Moore is chief executive of Smoothwall