Using single-factor authentication

Revision as of 06:09, 26 May 2009 by Deleted user (Talk | contribs)

Jump to: navigation, search

[ auction south africa ] [ african american family picture ] [ voting systems in australia ] african cave dwelling pic spider [ african cichlids dwarf ] [ australian innovation centre ] [ africa desert in sahara ] [ albino african clawed ] [ remove norton antivirus 2004 ] [ australia heartworm ] [ u2 concerts australia ] [ portable antivirus software ] norton antivirus symantec antivirus [ birth death and marriage victoria australia ] http [ autodesk express viewer download ] [ norton antivirus 2005 serial keys ] [ asian girl friends ] [ oh africa my soul cries out to you ] the association of professional engineers scientists and managers australia [ africa zabala ] [ australia breeders dog in victoria ] [ botswana african safari ] [ dating sites in australia ] [ australian map outback ] [ african countries map ] [ asian bedroom themes ] [ 2005 australian open winner ] domain [ avg antivirus definition updates ] [ labontes autoschool ] [ map of the asia pacific ] [ australia taxaccounts ] [ african hair salons ] [ tsunami in south asia death toll ] [ high rez auto images ] [ auto mixing dj software ] automotive repair manual download [ 1983 australian male open winner ] [ autonics sensors ] [ asian loni ] map travel in south africa europe [ asian beaver chang mr ] [ west african kingdoms ] [ norton antivirus 2005 crack codes ] [ african american singers list ] [ antivirus software review cnet ] link This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

Last revision (mm/dd/yy): 05/26/2009

Vulnerabilities Table of Contents


The use of single-factor authentication can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme.


  • Authentication: If the secret in a single-factor authentication scheme gets compromised, full authentication is possible.

Exposure period

  • Design: Authentication methods are determined at design time.


  • Languages: All
  • Operating platform: All

Required resources




Likelihood of exploit


While the use of multiple authentication schemes is simply piling on more complexity on top of authentication, it is inestimably valuable to have such measures of redundancy.

The use of weak, reused, and common passwords is rampant on the internet. Without the added protection of multiple authentication schemes, a single mistake can result in the compromise of an account. For this reason, if multiple schemes are possible and also easy to use, they should be implemented and required.

Risk Factors



In C:

unsigned char *check_passwd(char *plaintext){
        if (ctext==secret_password())
          // Log me in

In Java:

String plainText = new String(plainTextIn)
MessageDigest encer = MessageDigest.getInstance("SHA");
byte[] digest = password.digest();
if (digest==secret_password())
  //log me in

Related Attacks

Related Vulnerabilities

Related Controls

  • Design: Use multiple independent authentication schemes, which ensures that - if one of the methods is compromised - the system itself is still likely safe from compromise.

Related Technical Impacts