When we hear about login security options, there is no way single sign-on won’t be mentioned. SSO service providers improve security and user experience by managing access to multiple related but independent software systems. This is accomplished by storing login credentials in a separate database. On the user’s next login, the database will intercept the authentication of the app or website for the user. Outside of password security issues, there are basically three different types of SSO:
- Web SSO, also called browser-based SSO, allows the use of a single set of login credentials such as username and password across various web applications.
- Enterprise SSO is used to manage authentication of the internal network applications, resources and even web-based applications of a company or organization.
- Federated SSO is used to provide inter-organizational access. It allows third-party organizations to gain access to your company’s apps for smoother collaborations.
The big surprise—single sign-on isn’t about security.
The ultimate goal of SSO isn’t security but to improve user experience. By unifying all your login credentials across all platforms, there is no need to key in your username and password for each application. This is especially helpful for company employees who use dozens of enterprise apps each day. SSO allows seamless, one-click logins, saving valuable time and IT costs for password retrievals. However, as SSO service providers simplify the login process, they inadvertently address some common pain points of password security.
How SSO Solves Common Password Security Issues
Issue: Use of weak passwords
Let’s face it. Users are hardheaded about something as simple as adjusting password strength. According to a 2018 year-end report, 81 percent of Americans still use weak passwords. That is despite getting warned over and over again about large-scale data breaches. Dealing with password security issues is now a full-time job.
Maybe you are thinking there’s no way your employees are that irresponsible when it comes to protecting your company’s important assets. Well, think again! Remember Equifax, one of the top three in consumer credit reporting? One of their web portals was secured with username and password “admin,” which resulted in a large-scale breach in 2017. With SSO, employees won’t need so many passwords for all their enterprise accounts. This promotes the use of a single strong password instead of multiple weak ones.
Issue: Password listing
It is hard to remember passwords, so there’s no surprise that some people list their important passwords. Take a stroll through any company’s cubicle maze. You will undoubtedly spot at least one or two computer monitors with sticky notes containing account passwords. This makes it easier for insiders to gather relevant data. Someone could also simply disguise themselves as cleaning staff and take a peek at those notes, or at least that’s how it happens in the movies, right?
Don’t underestimate insider threats. They are among the top causes of data breaches. The worst thing about insider abuse is that it is very hard to detect. It would likely be discovered only after the concerned individual has already left the company. With SSO, employees will only have one password to memorize. This would minimize the occurrence of password listing.
Issue: Not changing passwords
It is difficult to think of new passwords, and it’s even more difficult to memorize them. As a result, users are lazy about changing their passwords. A 2018 report revealed that 44 percent of users only change their passwords once a year or less. This is far from the basic recommended security guidelines for changing passwords every 30 to 180 days.
Even if you are using a strong password, your logins can be vulnerable to brute force and dictionary attacks. SSO makes it easier to employ corporate security directives such as frequent password resets. Changing one password won’t be as taxing as changing a dozen of them.
In Conclusion
SSO alone isn’t enough of a solution for all login security issues. SSO leads to a single point of failure: because the credentials to access multiple accounts are stored in a single vault, a single compromise can lead to a major security breach. The best option is to combine SSO with other security solutions such as multi-factor authentication (MFA).
TraitWare isn’t just your typical MFA and SSO service provider. It eliminates the root of all your password security issues: the passwords. Instead of passwords, TraitWare leverages your mobile phone biometrics to authenticate your logins. TraitWare offers a seamless user experience from new account enrollments to logins and the highest security possible with multi-factor up to four-factor authentication. TraitWare envisions passwordless logins as the future of IT security.