Queensland University of Technology Skip banner Skip to content A university for the real world
QUT Home
News QUT Expert Guide Marketing and Communication Department
Search News & Archive
QUT Links Magazine
QUT Expert Guide
What's On
Contact us
News by subject
Built Environment
Creative Industries
Cultural Precinct
Information Technology
Science and Technology

Date: 25 February 2010 

The safe way to use one Internet password

A little-used Internet authentication system from the 1980s could provide the answer for enabling web users to securely log in only once per Internet session, a Queensland University of Technology researcher has found.

PhD researcher Suriadi, from QUT's Information Security Institute, said a secure single-sign on system was more than simply using the same password for multiple accounts.

Mr Suriadi said any future single-sign on systems, which could potentially give web users access to a multitude of accounts, including email, bank and shopping, would require extreme privacy to avoid information spies and account hackers.

"Single-sign on systems are already being used by organisations," he said.

"For example, a bank could link their Internet banking site to an online trading site, thus relieving users from having to perform an extra log in step.

"However, if one of the parties is compromised, for example by a virus, a 'denial of service' attack or insecure set-up, it puts all the user's linked accounts at risk."

Mr Suriadi said his research investigated a little-used "anonymous credential system" which dates back to the 1980s, but recently received renewed interest from the research community.

"Using this credential system, we could enhance the security and privacy of a single sign-on system," he said.

"The system works by revealing as little information about who you are as necessary for logging into an account, therefore allowing you to remain anonymous.

"This way, a company wouldn't be able to track your shopping habits and target spam or marketing at you. This method could also confirm you are over 18 and not reveal your birthday."

Mr Suriadi said a single sign-on system backed by the anonymous credential system required the cooperation of businesses and organisations to enable it.

"One use of this could be for the research community, with online libraries and databases applying the anonymous credential system so that the privacy of researchers can be preserved," he said.

"This would be useful for people researching sensitive issues."

Mr Suriadi said for the purposes of accountability, such a system would also allow authorities to revoke users' anonymity in cases of illegal activity.

Media contact: Rachael Wilson, QUT media officer, 07 3138 1150 or rachael.wilson@qut.edu.au.