Using Single-factor Authentication

From Guidance Share

Jump to: navigation, search

Contents

Description

The use of single-factor authentication can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme. Dual-factor authentication includes both a secret you can state (such as a password) and a secret you can carry (such as a harware pin, biometrics, or smartcard).


Applies To

  • Languages: All
  • Operating platform: All


Example

The follow code shows the use of single-factor authentication:

unsigned char *check_passwd(char *plaintext){
ctext=simple_digest("sha1",plaintext,strlen(plaintext)...);
if (ctext==secret_password())
// Log me in
}


Impact

  • Authentication: If the secret in a single-factor authentication scheme gets compromised, full authentication is possible.


Vulnerabilities

  • Use of single factor authentication in systems where authentication compromise can have critical consequences.


Countermeasures

  • Design: Use multiple independent authentication schemes, which ensures that -- if one of the methods is compromised -- the system itself is still likely safe from compromise.


Vulnerability Patterns


How Tos

Personal tools