Passwords are no longer enough to secure logins to all of our software and systems. According to the 2019 Verizon Data Breach Investigations Report, 29 percent of security breaches involved stolen credentials. Those credentials are either stolen outright via a phishing scam, for example, or purchased on the Dark Web. If you don’t think any of your employees’ credentials are ‘out there’ on the Dark Web, think again!
As a result, organizations are implementing identity and access management (IAM) solutions to enhance login security. IAM systems allow admins to define and manage the roles and access privileges of each of their end users.
One of the user authentication services that simplifies access management is secure single sign-on (SSO).
What is Single Sign-On?
SSO is a session and user authentication service that allows a user to use a single set of login credentials to access multiple applications. With most users using simple or similar passwords across all accounts, hackers find it too easy to hack systems and gain access to organizational data. SSO uses a central directory that controls user access to resources at a more granular level. It’s like having a single, very secure key to access 100 different doors with 100 individual locks.
It tracks user-access and de-provisions fishy users or logins that do not comply with regulations, thereby improving the security of the organization.
What are the Advantages and Disadvantages of Single Sign-On?
SSO Advantages
- Better User Experience
With SSO, it’s much easier for users to access all of the different applications they use on a daily basis. They only have to login once and then there’s usually a portal where they can access many different applications at the click of a link. This benefit, of course, applies to all users, including IT admins. The average number of applications used per company has jumped to about 129, according to a study performed by Okta in 2018. This coincides with the rise in use of SaaS applications.
- Increases the Productivity of IT Admins and Reduces Help Desk Costs
SSO reduces the number of help desk tickets and the time IT admins spend dealing with password related issues, such as password resets. This also reduces the downtime experienced by the end user.
In addition, SSO enables rapid provisioning and deployment new SaaS applications. The SSO solution should support an open standard such as Security Assertion Markup Language (SAML) 2.0 to allow fast provisioning.
- Minimizes the Risk of Using Bad Passwords
Top five worst passwords used regularly among users are:
- 12345
- 123456
- 123456789
- test1
- password
According to the Forbes article Ranked: The World’s Top 100 Worst Passwords, Microsoft analyzed a database of 3 billion leaked credentials from security breaches and found that more than 44 million Microsoft accounts were using passwords that had already been compromised elsewhere.
Password re-use, using simple passwords and other such poor practices of password usage can result in a costly security breach. SSO enables users to follow better password hygiene and use much stronger login credentials.
Disadvantages of SSO
- The Potential for Decreased Security
If SSO is not implemented securely, perhaps in combination with another type of IAM solution such as two-factor authentication (2FA), it could be disastrous to the company. With only one set of leaked credentials, hackers can easily access all applications and obtain sensitive, privileged information.
2FA provides an additional layer of security by confirming user identity utilizing something the users know (e.g., a password) and a second factor other than the password – something the users have or something they use, most often a mobile app or a token.
SSO along with 2FA provides a secure login system that provides all of the benefits discussed above.
How is Single Sign-On Implemented?
There are various SSO service providers in the market that can cater to your organizational requirements. You can consider key decision criteria such as if your company needs an on-premise SSO solution, an identity as a service (IDaaS) solution or a hybrid service for your environment.
Using a combination of SSO and 2FA can provide the convenience and security your organization needs.
Looking for a robust IAM solution? Learn about Kaseya’s IAM solution, Passly.