Security
Password synchronization is generally considered to be a relatively crude approach that is inherently less secure than well-designed and implemented single signon or password vault solutions. If the single, synchronized password is compromised (for example, if it is guessed, disclosed, determined by cryptanalysis from one of the systems, intercepted on an insecure communications path, or if the user is socially engineered into resetting it to a known value), all the systems that share that password are vulnerable to improper access. In most single signon and password vault solutions, compromise of the primary or master password (in other words, the password used to unlock access to the individual unique passwords used on other systems) also compromises all the associated systems, so of course that password must be strong and well protected in the same way. However, compromise of any individual password used on a given system does not automatically allow access to the single signon system, the password vault or the other systems, thereby limiting the impact.
Depending on the software used, password synchronization may be triggered by a password change on any one of the synchronized systems (whether initiated by the user or by password expiry on the system) and/or by the user initiating the change centrally through the software, perhaps through a web interface.
Some password synchronization systems directly reset the stored representations of the password rather than the actual password. This approach is typically only found in proprietary systems where the password storage schemes are standardized, for example provided by a single vendor. Either way, it is clearly important to reset and distribute the password or stored representations in a secure manner.
Read more about this topic: Password Synchronization
Famous quotes containing the word security:
“There is something that Governments care for far more than human life, and that is the security of property, and so it is through property that we shall strike the enemy.... Be militant each in your own way.... I incite this meeting to rebellion.”
—Emmeline Pankhurst (1858–1928)
“Of course we will continue to work for cheaper electricity in the homes and on the farms of America; for better and cheaper transportation; for low interest rates; for sounder home financing; for better banking; for the regulation of security issues; for reciprocal trade among nations and for the wiping out of slums. And my friends, for all of these we have only begun to fight.”
—Franklin D. Roosevelt (1882–1945)
“... most Southerners of my parents’ era were raised to feel that it wasn’t respectable to be rich. We felt that all patriotic Southerners had lost everything in defense of the South, and sufficient time hadn’t elapsed for respectable rebuilding of financial security in a war- impoverished region.”
—Sarah Patton Boyle, U.S. civil rights activist and author. The Desegregated Heart, part 1, ch. 1 (1962)