The safe way to use 1 Internet password

February 24, 2010

A little-used Internet authentication system from the 1980s could provide the answer for enabling web users to securely sign in only once per Internet session, a Queensland University of Technology researcher has found.

PhD researcher Suriadi, from QUT's Information Security Institute, said a secure single-sign on system was more than simply using the same password for multiple accounts.

Mr Suriadi said any future single-sign on systems, which could potentially give web users access to a multitude of accounts, including email, bank and shopping, would require extreme privacy to avoid information spies and account hackers.

"Single-sign on systems are already being used by organisations," he said.

"For example, a bank could link their Internet banking site to an online trading site, thus relieving users from having to perform an extra log in step.

"However, if one of the parties is compromised, for example by a virus, a 'denial of service' attack or insecure set-up, it puts all the user's linked accounts at risk."

Mr Suriadi said his research investigated a little-used "anonymous credential system" which dates back to the 1980s, but recently received renewed interest from the research community.

"Using this credential system, we could enhance the security and privacy of a single sign-on system," he said.

"The system works by revealing as little information about who you are as necessary for logging into an account, therefore allowing you to remain anonymous.

"This way, a company wouldn't be able to track your shopping habits and target spam or marketing at you. This method could also confirm you are over 18 and not reveal your birthday."

Mr Suriadi said a single sign-on system backed by the anonymous credential system required the cooperation of businesses and organisations to enable it.

"One use of this could be for the research community, with online libraries and databases applying the anonymous credential system so that the privacy of researchers can be preserved," he said.

"This would be useful for people researching sensitive issues."

Mr Suriadi said for the purposes of accountability, such a system would also allow authorities to revoke users' anonymity in cases of illegal activity.
-end-
Media contact: Rachael Wilson, QUT media officer, +61 7 3138 1150 or rachael.wilson@qut.edu.au.

Queensland University of Technology

Related Privacy Articles from Brightsurf:

Yale team finds way to protect genetic privacy in research
In a new report, a team of Yale scientists has developed a way to protect people's private genetic information while preserving the benefits of a free exchange of functional genomics data between researchers.

Researchers simulate privacy leaks in functional genomics studies
In a study publishing November 12 in the journal Cell, a team of investigators demonstrates that it's possible to de-identify raw functional genomics data to ensure patient privacy.

Some children at higher risk of privacy violations from digital apps
While federal privacy laws prohibit digital platforms from storing and sharing children's personal information, those rules aren't always enforced, researchers find.

COVID-19 symptom tracker ensures privacy during isolation
An online COVID-19 symptom tracking tool developed by researchers at Georgetown University Medical Center ensures a person's confidentiality while being able to actively monitor their symptoms.

New research reveals privacy risks of home security cameras
An international study has used data from a major home Internet Protocol (IP) security camera provider to evaluate potential privacy risks for users.

Researcher develops tool to protect children's online privacy
A University of Texas at Dallas study of 100 mobile apps for kids found that 72 violated a federal law aimed at protecting children's online privacy.

Do COVID-19 apps protect your privacy?
Many mobile apps that track the spread of COVID-19 ask for personal data but don't indicate the information will be secure.

COVID-19 contact tracing apps: 8 privacy questions governments should ask
Imperial experts have posed eight privacy questions governments should consider when developing coronavirus contact tracing apps.

New security system to revolutionise communications privacy
A new uncrackable security system created by researchers at King Abdullah University of Science and Technology (KAUST), the University of St Andrews and the Center for Unconventional Processes of Sciences (CUP Sciences) is set to revolutionize communications privacy.

Mayo Clinic studies patient privacy in MRI research
Though identifying data typically are removed from medical image files before they are shared for research, a Mayo Clinic study finds that this may not be enough to protect patient privacy.

Read More: Privacy News and Privacy Current Events
Brightsurf.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.