Dos and Don'ts of Client Authentication on the Web

Executive Summary

Client authentication has been a continuous source of problems on the web. Although many well-studied authentication techniques exist, websites continue to use extremely weak authentication schemes, especially in non-enterprise environments such as storefronts. These weaknesses often result from careless use of authenticators within web cookies. Of the twenty-seven sites the authors investigated, they weakened the client authentication on two systems, gained unauthorized access on eight, and extracted the secret key used to mint authenticators from one.

  • Format: PDF
  • Size: 135.4 KB