So the lesson is don't worry so much about authenticating the user, but focus on authenticating the transaction. It would have been a much more useful article if he actually described how (rather than just saying, "do it like the credit card companies").
But what's the transaction in the case of, say, a secured extranet? Is it requesting tabular data? Downloading a file? Kicking off a workflow?
Or what's the transaction of an online banking session? Checking my balances? Initiating a payment? Transferring funds?
Authenticating much more often than once a session is impractical from a user experience standpoint. People are just not going to enter their PIN & token code a half-dozen times. Security has always required usability trade-offs and authenticating transactions is going to be far too much hassle for most services.
I suppose you could batch transactions and ask for a second log-in before you process them. That would offer a sanity check and mitigate potential damage. But even that would require awfully security-conscious users to accept that process, tolerate the changes it implies in how the service can operate and actually pay attention to the batch to see if something was slipped in -- at which point I wonder how much additional security the transaction batch is truly providing.
2 comments
[ 2.4 ms ] story [ 27.9 ms ] threadBut what's the transaction in the case of, say, a secured extranet? Is it requesting tabular data? Downloading a file? Kicking off a workflow?
Or what's the transaction of an online banking session? Checking my balances? Initiating a payment? Transferring funds?
Authenticating much more often than once a session is impractical from a user experience standpoint. People are just not going to enter their PIN & token code a half-dozen times. Security has always required usability trade-offs and authenticating transactions is going to be far too much hassle for most services.
I suppose you could batch transactions and ask for a second log-in before you process them. That would offer a sanity check and mitigate potential damage. But even that would require awfully security-conscious users to accept that process, tolerate the changes it implies in how the service can operate and actually pay attention to the batch to see if something was slipped in -- at which point I wonder how much additional security the transaction batch is truly providing.