Securing Authentication

Implementing a secure authentication solution involves attempting to simultaneously meet several key security objectives, and in many cases trade off against other objectives such as functionality, usability, and total cost. In some cases “more” security can actually be counterproductive — for example, forcing users to set very long passwords and change them frequently will often …

Non-Unique Usernames

Some applications that support self-registration allow users to specify their own username, and do not enforce a requirement that usernames be unique. Although rare, the authors have encountered more than one application with this behavior. This represents a design flaw for two reasons:
■ One user who shares a username with another user may also …
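The ambiguity this creates is easiest to see in code. The following is an added example, not code from the book or from any application it describes: a deliberately non-unique user store beside a hardened one that enforces uniqueness on a normalised (NFKC, trimmed, casefolded) username, so that visually identical names cannot be registered twice. The store classes, the `demo()` helper and the sample accounts are all constructed for illustration.

```python
import hashlib
import hmac
import os
import unicodedata


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; the iteration count is kept low only so the demo runs fast.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


def normalize_username(username: str) -> str:
    """Canonical form used for the uniqueness check: NFKC-normalised, trimmed and
    casefolded, so "Alice", " alice" and a full-width spelling all collide."""
    return unicodedata.normalize("NFKC", username).strip().casefold()


class NonUniqueUserStore:
    """Vulnerable (constructed): duplicate usernames are accepted, so login is ambiguous."""

    def __init__(self):
        self.accounts = []  # (account_id, username, salt, password_hash)

    def register(self, username: str, password: str) -> int:
        account_id = len(self.accounts) + 1
        salt = os.urandom(16)
        self.accounts.append((account_id, username, salt, _hash_password(password, salt)))
        return account_id

    def login(self, username: str, password: str):
        # Returns the first account whose username and password match. Two people
        # who chose the same username and happen to share a password are
        # indistinguishable, and the later registrant lands in the earlier one's account.
        for account_id, stored_name, salt, digest in self.accounts:
            if stored_name == username and hmac.compare_digest(
                _hash_password(password, salt), digest
            ):
                return account_id
        return None


class UniqueUserStore(NonUniqueUserStore):
    """Hardened: uniqueness is enforced on the normalised username at registration."""

    def __init__(self):
        super().__init__()
        self._taken = set()

    def register(self, username: str, password: str) -> int:
        key = normalize_username(username)
        if key in self._taken:
            raise ValueError("username already in use")
        self._taken.add(key)
        return super().register(key, password)

    def login(self, username: str, password: str):
        return super().login(normalize_username(username), password)


def demo():
    """Constructed sample: two different people both pick 'alice' / 'Summer2024!'."""
    vuln = NonUniqueUserStore()
    first = vuln.register("alice", "Summer2024!")
    second = vuln.register("alice", "Summer2024!")
    landed_in = vuln.login("alice", "Summer2024!")   # the second person gets account 1

    safe = UniqueUserStore()
    safe_id = safe.register("alice", "Summer2024!")
    try:
        safe.register("ALICE ", "other-password")     # same name after normalisation
        duplicate_rejected = False
    except ValueError:
        duplicate_rejected = True
    safe_login = safe.login("Alice", "Summer2024!")
    return first, second, landed_in, safe_id, duplicate_rejected, safe_login


if __name__ == "__main__":
    print(demo())
```

The uniqueness check belongs at registration, not at login: once two accounts share a name, no amount of login-time logic can tell them apart, and the rejection message itself should be worded with care, since "already in use" confirms that the name exists.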

User Impersonation Functionality

Some applications implement the facility for a privileged user of the application to impersonate other users, in order to access data and carry out actions within their user context. For example, some banking applications allow helpdesk operators to verbally authenticate a telephone user and then switch their application session into that user’s context in order …
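Where such a facility exists, the switch into another user's context needs to be authorised, bounded and recorded. The following is an added example, not code from the book or from any banking application it mentions: an in-memory model of the helpdesk session switch, with a role check on the caller, a ban on nested impersonation and on impersonating privileged accounts, an audit record naming the real operator, and an authorisation rule under which an impersonated session is confined to ordinary customer functions. The `User`/`Session` types, the role names and `AUDIT_LOG` are assumptions made for the illustration.

```python
import time
from dataclasses import dataclass, field
from typing import Optional, Set


@dataclass
class User:
    user_id: str
    roles: Set[str] = field(default_factory=set)


@dataclass
class Session:
    effective_user: User              # whose data and actions the session is scoped to
    operator: Optional[User] = None   # the real human, set only while impersonating
    started_at: float = 0.0


class ImpersonationError(Exception):
    pass


AUDIT_LOG = []  # constructed in-memory stand-in for an append-only audit trail


def impersonate(session: Session, target: User, now: Optional[float] = None) -> Session:
    """Switch a helpdesk operator's session into the target user's context.

    The operator identity stays attached to the new session so that every action
    taken while impersonating is attributable to the person who took it.
    """
    now = time.time() if now is None else now
    if session.operator is not None:
        raise ImpersonationError("nested impersonation is not allowed")
    actor = session.effective_user
    if "helpdesk" not in actor.roles:
        raise ImpersonationError("caller is not permitted to impersonate")
    if target.roles & {"helpdesk", "admin"}:
        raise ImpersonationError("privileged accounts cannot be impersonated")
    AUDIT_LOG.append({"event": "impersonate", "operator": actor.user_id,
                      "target": target.user_id, "at": now})
    return Session(effective_user=target, operator=actor, started_at=now)


def end_impersonation(session: Session, now: Optional[float] = None) -> Session:
    """Return to the operator's own session; the end is audited like the start."""
    now = time.time() if now is None else now
    if session.operator is None:
        raise ImpersonationError("session is not impersonating anyone")
    AUDIT_LOG.append({"event": "end_impersonate", "operator": session.operator.user_id,
                      "target": session.effective_user.user_id, "at": now})
    return Session(effective_user=session.operator, started_at=now)


def can_access(session: Session, required_role: str) -> bool:
    """Authorisation check. An impersonated session is confined to customer
    functions: the operator never gains roles through impersonation, and the
    target's roles are never combined with the operator's own."""
    if session.operator is not None:
        return required_role == "customer"
    return required_role in session.effective_user.roles


if __name__ == "__main__":
    operator = User("helpdesk-17", {"helpdesk"})
    customer = User("cust-42", {"customer"})
    switched = impersonate(Session(effective_user=operator), customer)
    print(switched.effective_user.user_id, switched.operator.user_id, AUDIT_LOG)
```

The point of carrying `operator` inside the session rather than replacing the identity outright is that the application can still tell who is really acting, both for the audit trail and for the authorisation rule in `can_access`.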

“Remember Me” Functionality

Applications often implement “remember me” functions as a convenience to users, to prevent them needing to reenter their username and password each time they use the application from a specific computer. These functions are often insecure by design and leave the user exposed to attack both locally and by users on other computers:
■ Some …
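The following is an added example, not code from the book or from any application it describes, showing the two ends of the spectrum. The vulnerable variant persists a reversible encoding of the username in the cookie, so anyone who knows a username can mint a cookie for it from any computer. The hardened variant issues an opaque random token, stores only its hash server-side with an expiry, sets the cookie attributes that keep it off cleartext connections and away from script, and can revoke every token for a user. The class and function names, the 30-day lifetime and the cookie name are assumptions made for the illustration.

```python
import base64
import hashlib
import secrets
import time
from typing import Optional, Tuple

MAX_AGE = 30 * 24 * 3600   # seconds; assumed policy value


def vulnerable_issue(username: str) -> str:
    """Insecure by design: the cookie is just the username, reversibly encoded."""
    return base64.b64encode(username.encode()).decode()


def vulnerable_resume(cookie: str) -> Optional[str]:
    # Anyone who knows or guesses a username can produce a valid cookie for it,
    # on any machine, without ever knowing the password.
    try:
        return base64.b64decode(cookie, validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return None


class RememberMeStore:
    """Hardened: an opaque random token; only its hash is stored server-side, so a
    leaked database does not yield usable tokens."""

    def __init__(self):
        self._tokens = {}   # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id: str, now: Optional[float] = None) -> Tuple[str, str]:
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)          # 256 bits from the OS CSPRNG
        self._tokens[self._key(token)] = (user_id, now + MAX_AGE)
        # Cookie attributes a real response would send: not readable by script,
        # never sent over cleartext, not attached to cross-site requests.
        header = (f"remember={token}; Path=/; Max-Age={MAX_AGE}; "
                  "HttpOnly; Secure; SameSite=Lax")
        return token, header

    def resume(self, token: str, now: Optional[float] = None) -> Optional[str]:
        now = time.time() if now is None else now
        entry = self._tokens.get(self._key(token))
        if entry is None:
            return None
        user_id, expires_at = entry
        if now >= expires_at:
            del self._tokens[self._key(token)]    # expired tokens are dropped on sight
            return None
        return user_id

    def revoke_all(self, user_id: str) -> int:
        """On password change or 'log out everywhere': retire every token of the user."""
        doomed = [k for k, (uid, _) in self._tokens.items() if uid == user_id]
        for k in doomed:
            del self._tokens[k]
        return len(doomed)


if __name__ == "__main__":
    print("forged cookie resumes as:", vulnerable_resume(vulnerable_issue("admin")))
    store = RememberMeStore()
    token, header = store.issue("bob")
    print(header)
    print("resumes as:", store.resume(token))
```

Because only the hash of the token is stored, a copy of the table is worthless without the tokens themselves, and because the token is random rather than derived from the username or password, a "remember me" cookie captured from one computer reveals nothing about the user's credentials.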

Password Change Functionality

Surprisingly, many web applications do not provide any way for users to change their password. However, this functionality is necessary for a well-designed authentication mechanism for two reasons:
■ Periodic enforced password change mitigates the threat of password compromise by reducing the window in which a given password can be targeted in a guessing …
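The following is an added example, not code from the book, of a password-change function with the checks a practitioner would expect around it: the caller must re-enter the current password (a live session alone is not enough), the new password must be confirmed, meet a minimum length and not repeat a retired one, the change timestamp drives the periodic-rotation check the paragraph describes, and every other session of the user is invalidated so a session hijacked before the change does not survive it. The `Account` class, the 90-day maximum age, the 12-character minimum and the session map are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Tuple

MAX_PASSWORD_AGE = 90 * 24 * 3600   # seconds; assumed policy value
MIN_PASSWORD_LENGTH = 12            # assumed policy value


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; the iteration count is kept low only so the demo runs fast.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class Account:
    def __init__(self, user_id: str, password: str, now: float):
        self.user_id = user_id
        self.salt = os.urandom(16)
        self.digest = _hash(password, self.salt)
        self.changed_at = now
        self.retired: List[Tuple[bytes, bytes]] = []   # (salt, digest) of old passwords

    def verify(self, password: str) -> bool:
        return hmac.compare_digest(_hash(password, self.salt), self.digest)

    def was_used_before(self, password: str) -> bool:
        return self.verify(password) or any(
            hmac.compare_digest(_hash(password, salt), digest)
            for salt, digest in self.retired
        )


class PasswordChangeError(Exception):
    pass


def must_change(account: Account, now: float) -> bool:
    """Periodic rotation: True once the current password is older than policy allows."""
    return now - account.changed_at >= MAX_PASSWORD_AGE


def change_password(account: Account, current: str, new: str, confirm: str,
                    now: float, sessions: Dict[str, str], this_session: str) -> int:
    """Change the password after re-authentication. 'sessions' maps session id to
    user id; returns the number of the user's other sessions that were revoked."""
    if not account.verify(current):
        raise PasswordChangeError("current password is incorrect")
    if new != confirm:
        raise PasswordChangeError("new passwords do not match")
    if len(new) < MIN_PASSWORD_LENGTH:
        raise PasswordChangeError("new password is too short")
    if account.was_used_before(new):
        raise PasswordChangeError("new password was used before")
    account.retired.append((account.salt, account.digest))
    account.salt = os.urandom(16)
    account.digest = _hash(new, account.salt)
    account.changed_at = now
    # A session hijacked before the change must not outlive it.
    others = [sid for sid, uid in sessions.items()
              if uid == account.user_id and sid != this_session]
    for sid in others:
        del sessions[sid]
    return len(others)


if __name__ == "__main__":
    acct = Account("u1", "correct horse battery", now=0.0)
    live = {"s1": "u1", "s2": "u1", "s3": "u2"}
    print("rotation due:", must_change(acct, now=91 * 24 * 3600))
    print("revoked:", change_password(acct, "correct horse battery", "new-password-123",
                                      "new-password-123", 10.0, live, "s1"))
```

Requiring the current password is what makes the function safe to expose to an authenticated session: without it, anyone who has hijacked a session can lock the legitimate user out by changing the password.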

Vulnerable Transmission of Credentials

If an application uses an unencrypted HTTP connection to transmit login credentials, an eavesdropper who is suitably positioned on the network will of course be able to intercept them. Depending on the user’s location, potential eavesdroppers may reside:
■ On the user’s local network
■ Within the user’s IT department
■ Within the user’s ISP
…
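A quick way to find this during a review is to look at where each login form actually submits. The following is an added example, not code from the book: a small stdlib-only auditor that parses a page, picks out forms containing a password field, resolves each form's `action` against the page URL, and reports any that would send credentials over cleartext. It also flags the case the paragraph's list of eavesdroppers implies but does not spell out: a form whose action is HTTPS but which is served from an HTTP page, since anyone on the path can rewrite the action before the user ever types. The `SAMPLE_PAGE` markup and the example.com URLs are constructed for the illustration.

```python
from html.parser import HTMLParser
from typing import List, Optional, Tuple
from urllib.parse import urljoin, urlsplit


class LoginFormAuditor(HTMLParser):
    """Collects (resolved action URL, has_password_field) for every form on a page."""

    def __init__(self, page_url: str):
        super().__init__()
        self.page_url = page_url
        self.forms: List[Tuple[str, bool]] = []
        self._current: Optional[list] = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # An empty or missing action submits back to the page URL itself.
            self._current = [urljoin(self.page_url, a.get("action") or ""), False]
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "text").lower() == "password":
                self._current[1] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            self.forms.append(tuple(self._current))
            self._current = None


def audit(page_url: str, html: str) -> List[str]:
    parser = LoginFormAuditor(page_url)
    parser.feed(html)
    parser.close()
    page_is_https = urlsplit(page_url).scheme == "https"
    findings = []
    for action, has_password in parser.forms:
        if not has_password:
            continue   # not a credential form
        if urlsplit(action).scheme != "https":
            findings.append(f"credentials submitted to {action} over cleartext")
        elif not page_is_https:
            findings.append(f"form posting to {action} is served from a cleartext page "
                            f"({page_url}) and can be rewritten in transit")
    return findings


# Constructed sample page: one relative-action login form, one absolute HTTPS
# login form, and one search form with no password field.
SAMPLE_PAGE = """
<html><body>
<form action="/login" method="post">
  <input name="user"><input type="password" name="pass">
</form>
<form action="https://secure.example.com/login" method="POST">
  <input name="u"><input type="PASSWORD" name="p">
</form>
<form action="/search"><input name="q"></form>
</body></html>
"""


if __name__ == "__main__":
    for line in audit("http://www.example.com/login", SAMPLE_PAGE):
        print(line)
```

Resolving the action with `urljoin` matters: a relative `action="/login"` inherits the scheme of the page, so the same markup is safe on an HTTPS page and unsafe on an HTTP one, which is exactly the distinction an eavesdropper cares about.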