While the Kerberos and NTLM schemes are considered secure, and even Digest or Basic authentication can be used over TLS with a low risk of a malicious actor intercepting the communication and stealing the credentials, platform authentication still has some inherent security disadvantages. They are as follows:
- Credentials are sent more often, hence their exposure and the risk of being captured in a Man-in-the-Middle (MITM) attack are higher, especially for the basic, digest, and NTLM schemes.
- Platform authentication offers no log-out or session-expiration options. Because Single Sign-On (SSO) is in place with Windows Authentication, the session starts as soon as the user opens the application's main page, without any prompt for a username and password, and it is renewed automatically if it expires. An attacker who gains access to the user's machine or Windows account therefore gains instant access to the application.
- Platform authentication is not suitable for public applications, as these schemes require more technological and administrative effort to set up and manage than form-based authentication, the most popular alternative.
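The first two points can be checked from the server side. The following is an added example (not code from the original text) that audits constructed reverse-proxy request records: it classifies each request by the authentication mechanism its headers carry, counts how often a client re-sends credential material compared with a cookie-backed session, flags credential-bearing requests that travelled over plaintext HTTP, and lists the Basic-auth accounts whose passwords were exposed so they can be rotated. The log format, the sample tokens and the cookie name are all constructed for the example.

```python
import base64
import re
from collections import Counter

# Constructed sample of reverse-proxy request records (not from the original text).
# Fields: URL scheme, client address, path, then the request's Authorization or Cookie
# header ("-" when the request carried neither). Tokens are shortened sample values.
SAMPLE_LOG = """\
https 10.0.0.5 /app/home Authorization: Negotiate YIIFxwYGKwYBBQUCoIIFuzCCBbegMDAuBgkqhkiG9xIBAgIG
https 10.0.0.5 /app/reports Authorization: Negotiate YIIFxwYGKwYBBQUCoIIFuzCCBbegMDAuBgkqhkiG9xIBAgIG
https 10.0.0.7 /app/home Authorization: Negotiate TlRMTVNTUAADAAAAGAAYAG4AAAA=
http 10.0.0.9 /app/home Authorization: Basic YWxpY2U6UEBzc3cwcmQ=
http 10.0.0.9 /app/reports Authorization: Basic YWxpY2U6UEBzc3cwcmQ=
https 10.0.0.11 /app/home Authorization: Digest username="bob", realm="app", nonce="abc", response="6629fae49393a05397450978507c4ef1"
https 10.0.0.13 /app/login -
https 10.0.0.13 /app/home Cookie: session=CfDJ8constructedSessionToken
"""

LINE_RE = re.compile(r"^(?P<scheme>https?) (?P<client>\S+) (?P<path>\S+) (?P<header>.*)$")

# Schemes that carry reusable credential material (the password itself, or a challenge
# response derived from it) on every authenticated request. A Kerberos ticket is
# scoped and time-limited, which is why the text ranks it as the lower-risk case.
CREDENTIAL_SCHEMES = {"basic", "digest", "ntlm"}


def classify(header: str) -> str:
    """Map an Authorization/Cookie header to the mechanism it carries."""
    if header.startswith("Authorization: Basic "):
        return "basic"
    if header.startswith("Authorization: Digest "):
        return "digest"
    if header.startswith("Authorization: NTLM "):
        return "ntlm"
    if header.startswith("Authorization: Negotiate "):
        token = header.split(" ", 2)[2]
        # Negotiate can fall back from Kerberos to NTLM. An NTLM token is the base64
        # of the "NTLMSSP" signature and so always starts with "TlRMTVNT"; a
        # SPNEGO/Kerberos token starts with a DER application tag, base64 "YII".
        return "ntlm" if token.startswith("TlRMTVNT") else "kerberos"
    if header.startswith("Cookie:"):
        return "session-cookie"
    return "anonymous"


def basic_username(header: str) -> str:
    """Recover only the account name from a Basic header so it can be scheduled for
    credential rotation; the password half is deliberately discarded."""
    decoded = base64.b64decode(header.split(" ", 2)[2]).decode("utf-8", "replace")
    return decoded.split(":", 1)[0]


def audit(log_text: str) -> dict:
    """Summarise how often, and how exposed, credentials travel in the log."""
    by_mechanism = Counter()
    credential_requests_by_client = Counter()
    plaintext_credential_requests = []
    accounts_to_rotate = set()

    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed records rather than misclassifying them
        mechanism = classify(m["header"])
        by_mechanism[mechanism] += 1
        if mechanism in CREDENTIAL_SCHEMES:
            # Every such request re-sends credential material (the "sent more often" point).
            credential_requests_by_client[m["client"]] += 1
            if m["scheme"] == "http":
                # Credential material on a plaintext hop is capturable in transit.
                plaintext_credential_requests.append((m["client"], m["path"], mechanism))
                if mechanism == "basic":
                    accounts_to_rotate.add(basic_username(m["header"]))

    return {
        "requests_by_mechanism": dict(by_mechanism),
        "credential_requests_by_client": dict(credential_requests_by_client),
        "plaintext_credential_requests": plaintext_credential_requests,
        "basic_accounts_to_rotate": sorted(accounts_to_rotate),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

In the sample, the client using Basic authentication re-sends its password on both of its requests and does so over plaintext HTTP, whereas the form-authenticated client sends credentials once (at the login path, not visible in the headers) and a cookie afterwards. The Negotiate check is the detail worth keeping: a token beginning with `TlRMTVNT` means the browser fell back to NTLM, so a deployment that believes it is "Kerberos only" may still be carrying NTLM responses.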