2004-06-14

doc_strange: (Agamotto got nothing on this.)
2004-06-14 08:25 am

SSO/RSO/USO/Oh-no.

The recurrent corporate drive to create a reduced, single, unified, etc. sign-on process is something I've been chewing on for a while. The continual rush back to passwords, to ONE password for everything, really blows me away. As an IT security professional, it strikes me as a serious backslide. I differ from many of my contemporaries in that I think even "good" passwords are (usually) a bad idea.

The only thing that's wrong with password authentication is that it uses passwords.

Terminology and why SSO is not always bad security

Thinking about authentication as an _evidence_ problem

The RSO/SSO/USO/Oh-no lifecycle at large organizations

How's YOUR authentication quagmire?