SSO is only one type of federated ID management. There are other more notable systems, such as one-time password (OTP) tokens. OTPs are gaining popularity as a two-factor authentication method for financial Web sites that need to comply with the Federal Financial Institutions Examination Council (FFIEC) directive, which states that all financial Web sites who participate in high-risk transactions must use two-factor authentication to...
secure customer information.
An OTP token generates a random PIN number every 30 or 60 seconds, which the user enters in addition to their user ID and password to log on to a system, like a Web site. The OTP provides an extra layer of protection, as it's nearly impossible to crack that ever-changing PIN number. Therefore, even if the user ID and password are stolen or sniffed off the network, the OTP still blocks access, malicious or otherwise.
If the OTP's popularity continues to increase, customers could find themselves carrying a key ring full of tokens, one for each of their banks, credit cards or other financial Web sites. The goal of federated identity management is to stop that. In an ideal world, users would carry one token to access all their systems, no matter who ran it.
Federated ID management is still in its infancy. It's been slow to take off, partly because competing companies and financial institutions would have to agree on a unified standard and IT architecture for such a system. There are initiatives in progress, some working to create standards across different companies. Two of the most famous are the Microsoft Passport initiative and the Liberty Alliance. IBM is also developing one for the private sector and OASIS is developing a federated identity solution for Web services.
Dig deeper on Enterprise Single Sign-On (SSO)
Related Q&A from Joel Dubin, past SearchSecurity.com expert
The security of RFID chips and smart cards may not be fully mature, but there are best practices to keep facilities safe. Identity and access ...continue reading
Picture passwords for mobile device security aren't a new idea, but they have been recently improved. Identity and access management expert Joel ...continue reading
Hacked smart cards are a large potential threat to enterprises that utilize them. Learn how to thwart smart card hackers.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.