The authentication data for any site visited thereafter is automatically generated for the duration of that session.
The e-business revolution is fundamentally changing the world around us. We communicate with colleagues and friends by e-mail, conduct our personal banking on-line, go shopping without ever leaving our homes, renew drivers' licenses and submit tax returns without ever having to stand in line. As customers, we have been given the power of self-service, to conduct our own transactions, on our own terms, and at a time that suits our schedule, unconstrained by the limitations of physical operations. Universal authentication reflect the continuing struggle to keep the digital world accessible and secure.
It must be able to positively identify and authenticate the people that are eligible for its services. It must be able to understand each person's role and status and be able to track those attributes as they change over time. Requirements in the previous two sentences imply the requirement for robust directory, authentication and authorization systems. More and more on-line self-service applications and an increasingly complex learning environment require such systems to be based on a single ID and password. This is not simply a matter of convenience. While each person's e-Business life is made substantially easier, the security of the institution and its vital information depends on the ability to responsibly manage the underlying technology in a coherent manner.
One of the biggest problems with Internet security is the fact that every Web site has its own authentication system. A typical Internet user, who has two or three Web-based e-mail addresses and frequents half a dozen online vendors to buy or sell things, must memorize several usernames and passwords. This can be difficult unless the authentication data is written down or stored as a text file, which then becomes a security issue. Universal authentication can eliminate this problem without compromising security or privacy.
Universal authentication systems, which allow users to log in once and then hop between Web sites, may just be the answer for those who are unable to remember the various user names and passwords that they have established to access different sites on the 'Net. However, remembering different passwords and user names may just be the safer bet - for now anyway. For a universal authentication system to work, much stronger authentication - and possibly the introduction of biometrics as an extra layer of authentication - would have to be considered.
As rightly quoted by David. M in ''IT Tech' Magazine,
"Such a system would have to be designed and configured to provide multiple layers of authentication between various institutions, and would definitely have to encompass very powerful encryption (AES). "Without these, universal password authentication poses some obvious security risks," 1
There is really no such thing as a 100% secure environment, just those that have yet to be compromised. Incidents of identity theft and fraud are already on the rise, and the nature of the threat has changed from being purely malicious to being revenue-driven. Primary concern is that should a user's single login or authentication be compromised, the hacker would have access to everything, from banking details, to e-mail and online retail accounts. While signing in