Trust: Web Authentication
Web authentication protocols took a pounding last year. Problems with the Secure Sockets Layer and Transport Layer Security protocols, which encrypt all sorts of communication among websites, were at the center of several security breaches. Hacks of high-profile certificate authority providers undermined the security of some of the Internet's biggest brands, including Google and Yahoo; new man-in-the-middle attacks hit the Web; and the powerful Beast vulnerability exposed the most commonly used versions of SSL and TLS.
Taken as a whole, it appears the Internet's trust model is broken. However, many security experts aren't ready to scrap SSL. Rather than starting over, they recommend fixing the existing system. It's clear that we need to evolve the way we authenticate on the Web; the question is, how?
About the Author
Ericka Chickowski is an experienced business and technology journalist who specializes in coverage of IT security, regulatory compliance, business alignment, project management and IT employment.
In addition to her work for Dark Reading and InformationWeek, Chickowski’s perspectives on technology have appeared in a number of trade and consumer magazines, including CIO Insight, Baseline, Entrepreneur and Consumers Digest. She has covered the IT security industry extensively over the last six years, gaining particular insight and expertise while working as the West Coast bureau chief for SC Magazine. Chickowski graduated with a B.A. in English from the University of Washington and currently resides in San Diego. Readers may contact her at ericka@chickowski.com.
Be the first one to comment.