Business
Why single sign-on is not a good idea
For regular readers of this newsletter, it should come as no surprise that I am a staunch defender of personal liberties, including both the right to privacy and the right to security. Because of this and other reasons, I rarely use any technology outside of my control and understanding.
For regular readers of this newsletter, it should come as no surprise that I am a staunch defender of personal liberties, including both the right to privacy and the right to security. Because of this and other reasons, I rarely use any technology outside of my control and understanding.
This includes using any Internet commerce site that requires me to register personal information--specifically credit card information--before using its services. And yes, that means this practice precludes me from using eBay, one of the Web's most popular destinations.
My problem with eBay is that it seems to think it's appropriate to ask users to place their trust in its security when it comes to personal information. Make no mistake: I know I'm in the minority here. Thousands of users--and likely several in your own organization--have been willing to trust eBay and countless other Web sites with all the pieces of their personal identity.
But no security is 100 percent fail-proof, a fact driven home last month when online financial service PayPal, an eBay subsidiary, warned customers that a flaw had leaked their e-mail addresses to the Web. According to the company, the leak came from another company PayPal had contracted with that failed to properly secure an online form.
And that's exactly why I won't register personal information. You can never be completely sure who has access to the data.
However, I will admit that eBay made a wise decision recently in regard to its users' security. Last month, the company notified customers that it was discontinuing the use of Microsoft Passport, an identity management service that Microsoft itself has been trying to scale back.
I've been on a campaign to warn users of the risks of putting all their eggs in one basket and the dangers of single sign-on technologies since 2001. Advocates of such services would have you believe that these are "user-enabling" technologies, but the truth is that any technology, including single sign-on, that requires you to relinquish control of your personal information is a risk.
In my opinion, any technology designed to collect, store, and track personal information and user behavior outside of your direct control is a violation of both privacy and security. With information and identify theft at record levels, keeping personal information in one place and expecting an unknown third party to keep it secure is idiotic--with or without the Internet.
Of course, Microsoft Passport isn't the only single sign-on service. Announced shortly after Passport's debut, the Liberty Alliance Project was supposed to be an alternative standard for single sign-on technology.
Given my stance on open source, you might think I preferred the Liberty Alliance Project to Passport simply because Microsoft wasn't behind it--but not this time. Just because Liberty Alliance Project's single sign-on technology is an open standard doesn't make me like it any more than Passport.
A bad idea is still bad, regardless of who proposes it. Having one username and password to secure user information for multiple Web sites located on a system outside of the control of both the user and the Web site operator is a risk that isn't worth the "user-friendly" functionality.
So regardless of their touted benefits to Internet users or ostensible security enhancements, I haven't changed my stance on single sign-on technologies in the past three and a half years. However, the risks notwithstanding, legitimate areas still exist where single sign-on technologies do make sense, such as on a private network or within an organization.
But no one's going to convince me that it has a place on the public Internet, where user behavior and preferences should remain a personal matter.
Jonathan Yarden is the senior UNIX system administrator, network security manager, and senior software architect for a regional ISP.
This includes using any Internet commerce site that requires me to register personal information--specifically credit card information--before using its services. And yes, that means this practice precludes me from using eBay, one of the Web's most popular destinations.
My problem with eBay is that it seems to think it's appropriate to ask users to place their trust in its security when it comes to personal information. Make no mistake: I know I'm in the minority here. Thousands of users--and likely several in your own organization--have been willing to trust eBay and countless other Web sites with all the pieces of their personal identity.
But no security is 100 percent fail-proof, a fact driven home last month when online financial service PayPal, an eBay subsidiary, warned customers that a flaw had leaked their e-mail addresses to the Web. According to the company, the leak came from another company PayPal had contracted with that failed to properly secure an online form.
And that's exactly why I won't register personal information. You can never be completely sure who has access to the data.
However, I will admit that eBay made a wise decision recently in regard to its users' security. Last month, the company notified customers that it was discontinuing the use of Microsoft Passport, an identity management service that Microsoft itself has been trying to scale back.
I've been on a campaign to warn users of the risks of putting all their eggs in one basket and the dangers of single sign-on technologies since 2001. Advocates of such services would have you believe that these are "user-enabling" technologies, but the truth is that any technology, including single sign-on, that requires you to relinquish control of your personal information is a risk.
In my opinion, any technology designed to collect, store, and track personal information and user behavior outside of your direct control is a violation of both privacy and security. With information and identify theft at record levels, keeping personal information in one place and expecting an unknown third party to keep it secure is idiotic--with or without the Internet.
Of course, Microsoft Passport isn't the only single sign-on service. Announced shortly after Passport's debut, the Liberty Alliance Project was supposed to be an alternative standard for single sign-on technology.
Given my stance on open source, you might think I preferred the Liberty Alliance Project to Passport simply because Microsoft wasn't behind it--but not this time. Just because Liberty Alliance Project's single sign-on technology is an open standard doesn't make me like it any more than Passport.
A bad idea is still bad, regardless of who proposes it. Having one username and password to secure user information for multiple Web sites located on a system outside of the control of both the user and the Web site operator is a risk that isn't worth the "user-friendly" functionality.
So regardless of their touted benefits to Internet users or ostensible security enhancements, I haven't changed my stance on single sign-on technologies in the past three and a half years. However, the risks notwithstanding, legitimate areas still exist where single sign-on technologies do make sense, such as on a private network or within an organization.
But no one's going to convince me that it has a place on the public Internet, where user behavior and preferences should remain a personal matter.
Jonathan Yarden is the senior UNIX system administrator, network security manager, and senior software architect for a regional ISP.