login

In computer security, a login or logon refers to the credentials required to obtain access to a computer system or other restricted area. [read more at http://en.wikipedia.org/wiki/Login]

  • Some examples of what is going on in the security of online eBanking applications...

    • Lloyds TSB is going from a 2 stage login system to a SecurID (2 stage login definition at WikiPedia) in order to reduce online fraud...
      First, users must enter a username and password. Then, on a second screen, they are asked to use drop-down menus to choose three letters from a self-chosen memorable piece of information. The aim of using menus rather than the keyboard has been to defeat so-called "keyloggers", tiny bits of software which can be used by hackers who have breached a PC's security to read every key pressed and thus sniff out passwords. But newer keyloggers now also take screenshots, which can reveal the entire memorable word after the bank's website has been used just a few times.
      "There's no hiding the fact that fraud is on the increase" (Matthew Timms, Lloyds TSB)
      ...
      Lloyds says that about £12m was lost to this kind of scam in 2004 - but it warns that attacks are multiplying fast.
    • Federal regulators will require banks to strengthen security for Internet customers through authentication that goes beyond mere user names and passwords, which have become too easy for criminals to exploit.
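To put a number on "just a few times" for the drop-down scheme described above, here is an added example (not part of the original post or of any bank's code) that computes how quickly a three-letter challenge exposes a whole memorable word to anything that records each login screen. It assumes the positions asked for are chosen uniformly at random on every login; the function names and the word lengths are illustrative.

```python
from fractions import Fraction
from math import comb


def prob_fully_revealed(n, k, t):
    """Probability that all n positions of the memorable word have been
    requested at least once after t logins of k positions each."""
    total = comb(n, k)
    # Inclusion-exclusion over the set of positions never asked for:
    # a challenge avoids j given positions with probability C(n-j,k)/C(n,k).
    return sum(
        (-1) ** j * comb(n, j) * Fraction(comb(n - j, k), total) ** t
        for j in range(n + 1)
    )


def expected_revealed(n, k, t):
    """Expected number of distinct positions exposed after t logins."""
    # One challenge skips a given position with probability 1 - k/n.
    return n * (1 - (1 - Fraction(k, n)) ** t)


def logins_until(n, k, threshold):
    """Smallest number of logins after which the whole word is exposed
    with probability >= threshold (threshold must be below 1)."""
    t = 0
    while prob_fully_revealed(n, k, t) < threshold:
        t += 1
    return t


if __name__ == "__main__":
    k = 3  # three letters per login, as in the scheme described above
    for n in (6, 8, 12):  # constructed memorable-word lengths
        half = logins_until(n, k, Fraction(1, 2))
        most = logins_until(n, k, Fraction(9, 10))
        print(f"length {n:2}: 50% exposed after {half} logins, "
              f"90% after {most}; "
              f"{float(expected_revealed(n, k, 5)):.1f} letters known after 5")
```

The same functions show the effect of design changes such as asking for fewer letters per login or requiring a longer memorable word, which slow the exposure but do not stop it; that limit is what motivates moving to a one-time code device.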

    One interesting point is that Mozilla Firefox wants to definitively drop SSL 2.0 support in favor of the stronger SSL 3.0 or TLS 1.0.

    SSL: a security protocol methodology (originally created by Netscape in 1994) designed to create a secure connection to the server for the transmission of confidential data through the Internet. SSL uses public key encryption, one of the industry's strongest encryption methods, to protect data as it travels over the Internet.

    TLS: Transport Layer Security. A protocol intended to secure and authenticate communications across public networks by using data encryption. TLS is designed as a successor to SSL and uses the same cryptographic methods but supports more cryptographic algorithms.

    Do not forget to have a look at the VeriSign tutorial on what to do to keep your site security up to date.

     

  • I now have way too many subdomains and websites not to try to make the registration or login process easier.

    Each of the above domains/subdomains has its own registration and login process. I would like, as soon as possible, to try to make people register only once and let them have easy access to all these services.

    SSO

    Single Sign on?

    Basically, one solution would likely be to use OpenID.

    OpenID is an open, decentralized standard for user authentication and access control, allowing users to log onto many services with the same digital identity. As such, it replaces the common login process that uses a login-name and a password, by allowing a user to log in once and gain access to the resources of multiple software systems. [WikiPedia]

    Advantages

    • Joomla, Bamboo, JIRA are able to use OpenID
    • More than 200 million users worldwide
    • Free implementations, and sometimes even ready-to-use plugins

    But

    1200 users are registered, and how do I migrate them all? Not all are active, but I can just delete their account…