Password Synchronization - Security

Security

Password synchronization is generally considered to be a relatively crude approach that is inherently less secure than well-designed and implemented single signon or password vault solutions. If the single, synchronized password is compromised (for example, if it is guessed, disclosed, determined by cryptanalysis from one of the systems, intercepted on an insecure communications path, or if the user is socially engineered into resetting it to a known value), all the systems that share that password are vulnerable to improper access. In most single signon and password vault solutions, compromise of the primary or master password (in other words, the password used to unlock access to the individual unique passwords used on other systems) also compromises all the associated systems, so of course that password must be strong and well protected in the same way. However, compromise of any individual password used on a given system does not automatically allow access to the single signon system, the password vault or the other systems, thereby limiting the impact.

Depending on the software used, password synchronization may be triggered by a password change on any one of the synchronized systems (whether initiated by the user or by password expiry on the system) and/or by the user initiating the change centrally through the software, perhaps through a web interface.

Some password synchronization systems directly reset the stored representations of the password rather than the actual password. This approach is typically only found in proprietary systems where the password storage schemes are standardized, for example provided by a single vendor. Either way, it is clearly important to reset and distribute the password or stored representations in a secure manner.

Read more about this topic:  Password Synchronization

Famous quotes containing the word security:

    The contention that a standing army and navy is the best security of peace is about as logical as the claim that the most peaceful citizen is he who goes about heavily armed. The experience of every-day life fully proves that the armed individual is invariably anxious to try his strength. The same is historically true of governments. Really peaceful countries do not waste life and energy in war preparations, with the result that peace is maintained.
    Emma Goldman (1869–1940)

    Is a Bill of Rights a security for [religious liberty]? If there were but one sect in America, a Bill of Rights would be a small protection for liberty.... Freedom derives from a multiplicity of sects, which pervade America, and which is the best and only security for religious liberty in any society. For where there is such a variety of sects, there cannot be a majority of any one sect to oppress and persecute the rest.
    James Madison (1751–1836)

    It seems to me that our three basic needs, for food and security and love, are so mixed and mingled and entwined that we cannot straightly think of one without the others. So it happens that when I write of hunger, I am really writing about love and the hunger for it, and warmth and the love of it and the hunger for it ... and then the warmth and richness and fine reality of hunger satisfied ... and it is all one.
    M.F.K. Fisher (b. 1908)