Article Proceedings Paper

Risks of the Passport single signon protocol

Journal

COMPUTER NETWORKS
Volume 33, Issue 1-6, Pages 51-58

Publisher

ELSEVIER SCIENCE BV
DOI: 10.1016/S1389-1286(00)00048-7

Keywords

Web security; single signon; authentication; e-commerce

Passport is a protocol that enables users to sign onto many different merchants' Web pages by authenticating themselves only once to a common server. This is important because users tend to pick poor (guessable) user names and passwords and to repeat them at different sites. Passport is notable as it is being very widely deployed by Microsoft. At the time of this writing, Passport boasts 40 million consumers and more than 400 authentications per second on average. We examine the Passport single signon protocol, and identify several risks and attacks. We discuss a flaw that we discovered in the interaction of Passport and Netscape browsers that leaves a user logged in while informing him that he has successfully logged out. Finally, we suggest several areas of improvement. © 2000 Published by Elsevier Science B.V. All rights reserved.