Another Layer of Authentication?

We could always add another authentication step to our application—a chance for the user to reenter the username and password (possibly a different password)—but beyond frustrating the user, have we improved security? (In the next chapter, we will try to improve security with 2-Factor Authentication.)

I'm not saying that extra authentications are a bad thing. Sometimes you do not have the trust and assurances I listed previously, so SSO is not valid. The problems come when you have ten or tens of passwords. At that point, two things happen: your authentication support systems get heavily taxed because of lost or forgotten passwords and innumerable password resets, and your organization's (and personal) security ...

Get Expert Oracle and Java Security: Programming Secure Oracle Database Applications with Java now with the O’Reilly learning platform.
