According to “Hints for Picking Passwords”, it is not an easy task for a user to choose a password that is both reliable and memorable. There are a number of guidelines for creating strong passwords, so picking such a password takes some effort. It’s obvious that the more complicated a password is, the more secure it becomes. Many people do not realize the importance of having a strong and secure password, and they are not ready to waste their time picking one. But the main problem with complicated passwords is that they are difficult to remember, even if they are chosen by all the rules. Besides, if a user visits many network nodes or works on different machines, he has to pick a unique password for each of them, as it’s not correct to use the same one in all situations which require authentication. A thief only needs to find out one of the user’s passwords to be able to break his security. So a user usually has a number of different passwords, and the only way not to forget all of them is to write them down and keep them in some place which is not easy to access, for example in a locked drawer or filing cabinet, which is highly inconvenient.
In my opinion, these are the main reasons why users usually don’t follow the guidelines and prefer to risk their security by using simple passwords which are easy to break.
The pros and cons of federated identity management.
Federated Identity Management is a system which allows users to use the same credentials to sign in to networks of several enterprises and make transactions.
The advantages of using a federated identity management system are:
1. It is possible to use a certain user’s credentials for separate applications.
2. It simplifies administration and access to resources.
3. As trusted partners use a common framework for sharing their information, a federated identity management system removes the need for them to establish separate relationships and procedures with one another to make transactions.
4. It ensures reliable access to applications from multiple locations.
5. There is no need to replicate databases of user credentials for separate applications and systems.
6. It improves security both for digital resources and for users’ personal information.
7. It ensures better performance of logging and audit functions.
8. Costs usually intended for password resets are reduced.
Despite the pros of federated identity, the system also has the following downsides:
1. It is vitally important that the user trusts the federated management system, its individual components and its connections. If the user loses his trust in one part of the system, all other parts are compromised as well.
2. It may be expensive to modify existing applications to implement the system.
3. Risks associated with unauthorized access are sufficiently high. There is always a possibility of identity theft, as it is easy to capture userid or password credentials.
4. There are business issues, which may include an agreement on revenue sharing or some details related to organizational matters.
5. Liability problems should also be mentioned, as of today there are no strict formulas to assign risk.