Can We Fix the Security Economics of Federated Authentication? (Transcript of Discussion)

  • Ross Anderson
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7114)


OK, so the talk that I’ve got today is entitled “Can We Fix the Security Economics of Federated Authentication?” and some of this is stuff that I did while I was at Google in January and February. I’m on sabbatical this year and so I’m visiting various places, and doing various things that I don’t normally do.

Let’s go back 25 years. When I was a youngster working in industry the sort of problem that you got if you were working with a bank was this. People joined and had to be indoctrinated into four or five systems and get four or five different passwords. You might find that your branch banking system ran under MVS, so you needed a RACF password; your general ledger ran under DB2, so you needed a DB2 password – and that was a different lady in a different building – and if you became the branch’s foreign exchange deputy clerk then you needed a SWIFT password, which was yet another administrative function in yet another building. And of course this played havoc with usability: post-it notes with passwords are a natural reaction to having to remember six of them. And if you tell your staff to change passwords every month, of course they’ll just rotate them.


Mobile Phone Cloud Service Credit Card Call Centre Gift Card 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Ross Anderson
    • 1
  1. 1.University of CambridgeCambridgeUK

Personalised recommendations