Dos and Don'ts of Client Authentication on the Web

Date Added: Jan 2010
Format: PDF

Client authentication has been a continuous source of problems on the web. Although many well-studied techniques exist for authentication, websites continue to use extremely weak authentication schemes, especially in non-enterprise environments such as store fronts. These weaknesses often result from careless use of authenticators within Web cookies. Of the twenty-seven sites the authors investigated, they weakened the client authentication on two systems, gained unauthorized access on eight, and extracted the secret key used to mint authenticators from one.