Using Single-factor Authentication
From Guidance Share
Description
The use of single-factor authentication can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme. Dual-factor authentication includes both a secret you can state (such as a password) and a secret you can carry (such as a hardware pin, biometrics, or smartcard).
Applies To
- Languages: All
- Operating platform: All
Example
The following code shows the use of single-factor authentication:

    unsigned char *check_passwd(char *plaintext){
      ctext=simple_digest("sha1",plaintext,strlen(plaintext)...);
      if (ctext==secret_password())
        // Log me in
    }
Impact
- Authentication: If the secret in a single-factor authentication scheme gets compromised, full authentication is possible.
Vulnerabilities
- Use of single-factor authentication in systems where authentication compromise can have critical consequences.
Countermeasures
- Design: Use multiple independent authentication schemes, so that if one of the methods is compromised, the system itself is still likely safe from compromise.
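The following sketch illustrates the countermeasure: a login check that requires two independent factors, a password and a time-based one-time code (TOTP, RFC 6238) from a device the user carries. It is an added example, not code from the original page; the function names, the record layout and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30     # TOTP time step in seconds (RFC 6238 default)
DIGITS = 6    # length of the one-time code

def totp(secret: bytes, now: float) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    counter = struct.pack(">Q", int(now) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated password hash (first factor: something you know)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def enroll(password: str, salt: bytes, totp_secret: bytes) -> dict:
    """Build the stored record; the two secrets are independent of each other."""
    return {"salt": salt,
            "pw_hash": hash_password(password, salt),
            "totp_secret": totp_secret}

def authenticate(record: dict, password: str, code: str, now: float) -> bool:
    """Grant access only when BOTH factors verify."""
    pw_ok = hmac.compare_digest(hash_password(password, record["salt"]),
                                record["pw_hash"])
    # Accept the current step and the previous one to tolerate clock drift.
    code_ok = False
    for t in (now, now - STEP):
        expected = totp(record["totp_secret"], t).encode()
        code_ok |= hmac.compare_digest(expected, code.encode())
    # Both factors are evaluated before deciding, so the result does not
    # reveal which one failed.
    return pw_ok and code_ok

# Constructed sample account; the TOTP secret is the RFC 6238 test key.
ACCOUNT = enroll("correct horse", b"constructed-salt", b"12345678901234567890")
```

A stolen password alone fails this check, as does a stolen code alone. A deployment would also reject reuse of an already accepted code and rate-limit attempts.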
Vulnerability Patterns