The Failure of Shared Secrets and How We Can Replace Them
User authentication is a crucial component of securing any system. Access to sensitive infrastructure resources such as servers, databases and applications must be restricted to authorized users only. One popular (but vulnerable) authentication method is using shared secret credentials.
What are shared secrets and how are they used?
Shared secret authentication is a process where a user or application is authenticated by presenting a secret, such as a password or API key, to a service’s authentication system.
Shared secrets are commonly used to authenticate users to web applications, databases and other infrastructure resources. For example, a user may enter a username and password to access a web application, or an application may use an API key to access resources hosted by a cloud provider like AWS or GCP. Commonly these secrets are shared via a password vault. Password vaults are useful because they centralize all of your secrets in one “secure” location, making them easy to access, organize and categorize. Shared secrets and vaults, however, have a few problems.
Drawbacks and security problems
While sharing secrets among teams, or even whole companies, is a common practice, it has several drawbacks and security problems that make it vulnerable to attacks. Here are some of the major issues:
Password theft: Shared secret authentication relies on the secrecy of the password. If an attacker gains access to a user's password, they can use it to impersonate the user and access sensitive resources. Password theft can occur through various means, including phishing attacks, keyloggers and data breaches.
Centralization of credentials: Password vaults centralize the storage of authentication credentials, which can be convenient but also increases the risk of a single point of failure. An attacker who gains access to the password vault can potentially access all the credentials stored within, and the risk of compromise is higher since all the credentials are in one place.
Insider threats: Insider threats, such as employees or contractors with legitimate access to a password vault, can also pose a risk. These insiders may accidentally or intentionally disclose their login credentials, share sensitive information or abuse their access privileges.
Long shelf-life: Another vulnerability of shared static credentials is that they are typically long-lived unless frequently rotated. If credentials are not rotated frequently, they are more susceptible to attacks, as attackers can exploit long-standing access to sensitive resources. It is essential to establish policies and procedures for regular rotation of stored credentials to reduce the risk of exploitation. For example, these procedures should include a protocol for rotating credentials every time an employee leaves the company, ensuring they no longer have access.
Poor auditing and monitoring: Inadequate auditing and monitoring can also make password vaults vulnerable to attacks. The password vault should have appropriate monitoring capabilities to detect any suspicious activities and audit trails to identify who accessed which credential, when, and from where.
Alternatives to sharing secrets
Given the drawbacks and security problems associated with long-lived shared secrets, it is important to explore alternative authentication methods that provide better security and usability. Here are some alternative authentication methods:
Multi-factor authentication (MFA): MFA is an authentication method that requires users to provide two or more forms of authentication to access a system. For example, a user may be required to provide a password and a one-time code sent to their mobile device. MFA provides an additional layer of security, making it harder for attackers to gain access to the system.
Short-lived certificate-based authentication: Certificate-based authentication involves the use of short-lived digital certificates to authenticate users and applications. Users are issued short-lived certificates with their federated identity baked into them, allowing a much more granular and secure approach to infrastructure access.
OAuth: OAuth is an open standard for authorization that enables third-party applications to access a user's resources without sharing their credentials. OAuth allows users to grant specific applications access to their resources, making it easier to manage access and reducing the risk of password theft.
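As an added illustration of the short-lived certificate approach described above (example code written for this page, not Teleport's own implementation), the following Go program issues a client certificate with the user's identity embedded and a one-hour lifetime, then checks the same certificate inside that window and after it has closed. The self-signed root and the helper names mint, newCA, issueShortLived and verifyAt are assumptions; in a real deployment the certificate authority would be tied to the identity provider.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// mint generates a fresh Ed25519 key and has signer certify tmpl; a nil parent
// means self-signed. Toy helper for this example only; the names are assumptions.
func mint(tmpl, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// newCA builds a long-lived self-signed root standing in for a real authority.
func newCA(now time.Time) (*x509.Certificate, ed25519.PrivateKey, error) {
	return mint(&x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example-ca"},
		NotBefore: now, NotAfter: now.AddDate(10, 0, 0), IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign}, nil, nil)
}

// issueShortLived signs a client certificate carrying the user's federated identity (CN and e-mail SAN), valid only for ttl after now.
func issueShortLived(ca *x509.Certificate, caKey ed25519.PrivateKey, identity string, ttl time.Duration, now time.Time) (*x509.Certificate, error) {
	cert, _, err := mint(&x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: identity},
		EmailAddresses: []string{identity}, NotBefore: now, NotAfter: now.Add(ttl)}, ca, caKey)
	return cert, err
}

// verifyAt validates leaf against the root as of time at: nil inside the validity window, an expiry error once it closes.
func verifyAt(leaf, ca *x509.Certificate, at time.Time) error {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, CurrentTime: at})
	return err
}
```

Because the identity and the expiry travel inside the signed certificate, the verifier needs no stored secret for the user and a stolen certificate stops working on its own once the window closes.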
While sharing secrets is a common industry practice, security-conscious organizations are phasing this method out in favor of access control platforms like Teleport. Learn more about how to implement certificate-based access control and eliminate your long-lived credentials with identity-native Teleport. Also check out this great article by our CEO Ev Kontsevoy about the passwordless future ahead of us.