> From: John Earl
>
> NOT!
>
> The vast majority of people synchronize (either automatically or
> manually) their passwords across similar systems, so if you are able to
> compromise a password on one system, chances are that password will work
> on many others.

So? Using the same password for different security domains is a bad practice. So is using a three-letter password. So is using your birthdate. I consider logging on to my LAN a different security domain than logging on to my production server. But that's just me.

The server-farm people have forced the single sign-on issue down our throats because there are LOTS of machines to log on to. But system-wide single sign-on is throwing out the baby with the bathwater for me. Personally, I have no problem telling a user they have one sign-on to access their e-mail and another one to update mission critical production data.

> Real single signon, where the user only has one password that is
> authenticated against one system, provides no additional exposure, and
> in fact limits the number of potential points of compromise.

Again, in my opinion providing a single access point to all security domains is a bad idea.

Joe
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].