Password Synchronization - Security


Password synchronization is generally considered to be a relatively crude approach that is inherently less secure than well-designed and implemented single signon or password vault solutions. If the single, synchronized password is compromised (for example, if it is guessed, disclosed, determined by cryptanalysis from one of the systems, intercepted on an insecure communications path, or if the user is socially engineered into resetting it to a known value), all the systems that share that password are vulnerable to improper access. In most single signon and password vault solutions, compromise of the primary or master password (in other words, the password used to unlock access to the individual unique passwords used on other systems) also compromises all the associated systems, so of course that password must be strong and well protected in the same way. However, compromise of any individual password used on a given system does not automatically allow access to the single signon system, the password vault or the other systems, thereby limiting the impact.

Depending on the software used, password synchronization may be triggered by a password change on any one of the synchronized systems (whether initiated by the user or by password expiry on the system) and/or by the user initiating the change centrally through the software, perhaps through a web interface.

Some password synchronization systems directly reset the stored representations of the password rather than the actual password. This approach is typically only found in proprietary systems where the password storage schemes are standardized, for example provided by a single vendor. Either way, it is clearly important to reset and distribute the password or stored representations in a secure manner.

Read more about this topic:  Password Synchronization

Other articles related to "security":

President Of Ireland - Security and Transport
... armed guards at all times and is encircled by security fencing ... At all times the President travels with an armed security detail which is provided by the SDU (Special Detective Unit - an elite wing of the Irish police force) ...
Transportation In The United States - Ownership and Jurisdiction
... The Transportation Security Administration has provided security at most major airports since 2001 ... of transportation, except for customs, immigration, and security, which are the responsibility of the United States Department of Homeland Security ... while the United States Coast Guard is the primary enforcer of law and security on US waterways ...
Xpages - Security
... XPages applications and the document oriented database can be secured in multiple ways ... There is a so called ACL (access control list) which contains a list of users, groups and roles and their access rights ...
Computer Security - Security By Design
... One approach to computer security is to consider security as one of the base features ... trails tracking system activity, so that when a security breach occurs, the mechanism and extent of the breach can be determined ...
Computer Security
... Computer security is information security as applied to computers and networks. ...

Famous quotes containing the word security:

    I think the girl who is able to earn her own living and pay her own way should be as happy as anybody on earth. The sense of independence and security is very sweet.
    Susan B. Anthony (1820–1906)

    A well-regulated militia being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.
    U.S. Constitution, Second Amendment.

    In the long course of history, having people who understand your thought is much greater security than another submarine.
    J. William Fulbright (b. 1905)