Designing an authentication system

I ran into this a while ago, and thought it was a wonderful discussion of how to go about designing a high-quality authentication system.

As I’ve mentioned in the past, authentication is one of the hardest problems in security – authorization (AccessCheck) is relatively simple, but authentication is a nightmare.

This dialog, from MIT, discusses the issues that need to be considered while designing an authentication system, and the ramifications of not considering them. All in all, an excellent read.

 

On a personal note: Work’s getting very hectic, so the blog’s likely to go dark until sometime next week, sorry about that :(.