Ping a Specific Port

Question

Dan

Asked: 2010-09-21 13:46:44 +0800 CST2010-09-21 13:46:44 +0800 CST 2010-09-21 13:46:44 +0800 CST

How is using client certificates more secure than TLS plus basic authentication?

772

I've read that securing services with client certificates is more secure than using the combination of TLS with basic authentication.

Client certificates have substantial drawbacks in terms of setup complexity and performance, so I'm looking for more specific reasons on how client certificates are more secure, and some examples of situations where they're justified. Thanks!

1 Answers

Voted

Mark Wagner · Answer 1 · 2010-09-21T14:12:05+08:00

Best Answer

Mark Wagner

2010-09-21T14:12:05+08:002010-09-21T14:12:05+08:00

A client cert isn't more secure than a (good, protected) password. In general it is better than a password because it is less likely (impossible) to be the same as another cert (contrast with http://xkcd.com/792/ ) and it is less likely (impossible) to be guessed (i.e. it is resistant to dictionary attacks). It may be less likely to be divulged by an end user than a password.

Client side certs are considered "something you have" so that a client cert and a password ("something you know") can satisfy any TFA (two factor authentication) requirements in various regulations.

3

How is using client certificates more secure than TLS plus basic authentication?

Ping a Specific Port

How do I tell Git for Windows where to find my private RSA key?

How do you restart php-fpm?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Resolve host name from IP address

How can I sort du -h output by size

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?