Manual verification of the certificateīy manually verifying the certificate of the web resource connection, the certificate validation can be conducted for the domain it is used and its expiration. Every modern browser provides this or a similar brief overview which allows verification of the trust relationship of the SSO connection and the security level of the encryption which is applied. This is an example of the verification dialog displayed by clicking the small lock icon to the left of the URL bar in a Chrome browser. Verify that the connection is securely encrypted and authenticated Also make sure the connection is via https: (note the “s”) and never enter any credentials over plain text and unauthenticated http: connections. There is only one legitimate domain and host name combination for our SSO which is. Validate secure connection to the correct web resource before entering any credentials In the case of our SSO this looks like follows. Utilizing this information, we are able to tell if we are being targeted by an attack or not. That being said, what is the best way to use the SSO in a secure way? Luckily, nowadays tools and technologies provide us with plenty of information about trust relationships and communication security. They try to trick people into giving them their account credentials with the help of social and technical measures including phishing and spoofing of authorities as well as web portals. Sadly, the internet is full of fraudsters lingering around and waiting for a chance to make a profit or gain some benefits and they are happy to do this any way imaginable. In our case it guards who is able to access the virtual identity. SSO system, by nature, is the guard at the gates. The original web site will not know on which account that character is or have any way of linking that character to any other character on the same account. They will never see the account name or password. The original web site will only get the character information. While signing into a site, a character will be chosen to authenticate and the web site allow EVE SSO to get confirmation from CCP that verifies the character ownership. It also has the nice advantage of making it a lot easier to sign into their site without registration or keep track of multiple extra account names and passwords.įor EVE Online, the SSO means logging into a web site that has integrated the EVE SSO and can confirm a specific character. For Goodreads this is great because it means they don't have to worry about managing registered username and password information. The SSO, also known as single-sign-on, is a way to log into one web site or application using a username and password from another web site.įor example, will request to sign in with Facebook, Twitter, Google, or even Amazon. Any suspicious sites should be reported to detailed information about the SSO can be found in the article below. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |