| Publisher | World Wide Web Conference | ||
|---|---|---|---|
| Format | 51.7KB PDF, requires Acrobat Rdr 5 | Date added | 04 Jan 2000 |
| Topics | Security Standards, SSL - TLS, Security Management | ||
| Downloads | 28 | ||
Passport is a protocol that enables users to sign onto many different merchants' web pages by authenticating themselves only once to a common server. This is important because users tend to pick poor (guessable) user names and passwords and to repeat them at different sites. Passport is notable as it is being very widely deployed by Microsoft. At the time of this writing, Passport boasts 40 million consumers and more than 400 authentications per second on average. We examine the Passport single signon protocol, and identify several risks and attacks. We discuss a flaw that we discovered in the interaction of Passport and Netscape browsers that leaves a user logged in while informing him that he has successfully logged out. Finally, we suggest several areas of improvement.
Did you find this white paper useful?
29 out of 50 users found this white paper useful
Related white papers
Achieving compliance with GSi Code Of Connection (CoCo)
In November 2005, The Government published 'Transformational Government - Enabled by Technology' which documents the steps necessary to achieve effective delivery of technology for Government. To develop the necessary trust...
Messagelabs - IT Security Threats of Today and Tommorrow Webcast Supporting Doc
This document supports th silicon.com webcast which discusses some of the security threats to IT systems that organisations have to face on a daily basis - and what do about...
Botnets and your Business
This MessageLabs White Paper looks at the botnet threat and how it has evolved into a serious danger to business. It also gives a snapshot of botnet activity based on...
MessageLabs - The Dark Art of Spam
Quite simply, MessageLabs anti-spam solution provides businesses with the quality of protection they urgently need if they are to stay a step ahead of the spammers - and the increasingly...
Maximising site vistors trust using extended validation SSL
Web business faces a crisis in confidence. Trust in site security is decling, resulting in consumers scaling back on web transactions or just opting out altogether. This white paper address...
What every E-buisness should know about SSL security and customer trust
Fear of fraud is well founded, Gartner reports nearly 2 million Americans were victims of fraud over the internet during a recent 12 month period. Gaining the trust of online...
Compliance with Data Handling Procedures in UK Government
The UK Data Handling Procedures in Government Report set out clear and mandatory procedures to be followed by all government employees that have access to and responsibility for citizen data....
