Retiring the Password through SSO
The humble password has been the sole layer of protection against unauthorized access to business data, platforms and more for a very long time. In fact, passwords (and user management of those passwords) are the weakest link in the chain that protects a business’ most valuable asset. Given that fact, single sign-on might seem like a bad idea (at least superficially). Why would anyone want to use a single set of credentials for multiple platforms, websites and accounts? Doesn’t that go completely against data security best practices? Actually, it doesn’t, at least when it’s implemented correctly.
What Is Single Sign-On?
Single sign-on, or SSO, is actually very simple. It’s the process of using just a single set of credentials to access multiple accounts, sites, platforms and resources. You can find a very good example of this with Google’s bundled services – your Google account’s email address and password give you access to Gmail, Google+, the Google Play store, Drive and plenty of other features. Of course, that’s a simplistic example. Businesses use different solutions here, but the principle is the same.
A user logs into the business’ system with one set of credentials (a user ID and password, for example). They then have access to a range of specific lower-risk applications and information. For instance, once logged into the system, the user could access specific databases, programs like Word or Excel, and more. Enterprise-level businesses often need to augment SSO with other solutions to provide access to more risk-critical areas, though.
Of course, it’s more complex than this. There are both pros and cons to single sign-on solutions.
The Benefits of Single Sign-On
There are plenty of advantages to using a single sign-on process. Let’s break down some of the more important ones.
- No Need to Remember and Manage Multiple Passwords – Most passwords are weak if they’re easy to remember. However, complex passwords can be extremely difficult to recall, leading to users writing them down in an effort to simplify things. That’s never a good thing. Add to that the need to regularly change passwords and you have a bad situation. Single sign-on solutions ensure that users never need to remember or manage multiple passwords. It also reduces the workload on IT help desk staff.
- Enhanced User Experience – System users expect things to “just work” and having to stop, remember or look up a password, and then enter that information for each site, account or platform creates a jarring, disconnected experience. Single sign-on simplifies the login process, saving users time and hassle, and creating a better overall experience.
- No More Account Lockouts – Remembering passwords can be tough to do, and some users are convinced that they remember correctly even when they don’t (or they’re just running down a list of possible passwords until they find the right one). The problem here is that too many incorrect attempts will eventually lock the user out of the account until IT can resolve the problem (or a specified period of time has passed). This reduces productivity, and results in a frustrating experience for both the user and help desk staff.
- Enhanced Auditing Capabilities – Some of the benefits offered by single sign-on aren’t user-centric. Rather, they benefit the business directly. With an SSO system, managers and other decision makers are easily able to track access to programs, platforms and accounts, and determine what is being done, where and by whom. In the event of a breach, this allows the IT department to determine which accounts were breached and the extent of the damage.
The Cons of SSO
While there are lots of benefits associated with single sign-on, there are also some cons to the situation. These aren’t negatives per se. Rather, they’re cautionary measures that should be followed in order to ensure robust security and protection.
For instance, data security best practice is not to reuse the same password for multiple accounts. Single sign-on solutions seem to fly in the face of that rule. By combining SSO with multi-factor authentication, you can not only get around the issue, but actually create one of the strongest security barriers possible.
Multi-factor authentication is being used by a broad range of business and consumer-facing platforms. Google offers it, as does Facebook, and a growing number of other services. Essentially, it requires a user to authenticate a login attempt from any unrecognized device, usually via a text message sent to the user’s smartphone.
How does this enhance security? It’s simple. Let’s say a user’s credentials for an SSO system have been compromised somehow. The hacker attempts to log into the system using that information, but does so from a device the system has never seen. The system immediately recognizes that this is a new device, and prompts the user for authentication by sending an authorization code to their smartphone.
Obviously, the user knows that they’re not currently trying to log into the system, and that someone is attempting to hack the account. This can be brought to the attention of IT staff and the appropriate measures taken, all without the attacker ever gaining access to even low-risk areas of the company’s system.
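The step-up flow just described, as an added example that is not code from the original article or from any SSO product: a small identity provider that checks the password once, demands a second factor only when the device has not been seen before, and records every decision for the auditing described earlier. It uses an authenticator-app code (RFC 6238 TOTP) in place of the text message, and the class, user and device names are constructed for the illustration.

```python
import hashlib, hmac, secrets, struct

class SsoIdentityProvider:
    """Constructed SSO login flow: one credential check, step-up MFA on unrecognized devices, audit trail."""

    def __init__(self):
        self.users = {}          # username -> (salt, password_hash, totp_secret)
        self.known_devices = {}  # username -> set of device ids seen before
        self.audit_log = []      # (event, username, device_id) tuples

    def register(self, username, password, device_id):
        salt = secrets.token_bytes(16)
        pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        totp_secret = secrets.token_bytes(20)  # would be provisioned to the user's phone
        self.users[username] = (salt, pw_hash, totp_secret)
        self.known_devices[username] = {device_id}
        return totp_secret

    @staticmethod
    def totp(secret, now, step=30, digits=6):
        # RFC 6238: HMAC-SHA1 over the time-step counter, dynamically truncated
        counter = struct.pack(">Q", int(now) // step)
        mac = hmac.new(secret, counter, hashlib.sha1).digest()
        offset = mac[-1] & 0x0F
        code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
        return f"{code % 10 ** digits:0{digits}d}"

    def _deny(self, event, username, device_id):
        self.audit_log.append((event, username, device_id))
        return "denied"

    def login(self, username, password, device_id, now, otp=None):
        rec = self.users.get(username)
        if rec is None:
            return self._deny("unknown_user", username, device_id)
        salt, pw_hash, totp_secret = rec
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if not hmac.compare_digest(candidate, pw_hash):
            return self._deny("bad_password", username, device_id)
        if device_id not in self.known_devices[username]:
            # correct password but a device never seen before: require the second factor
            if otp is None:
                self.audit_log.append(("mfa_required", username, device_id))
                return "mfa_required"
            if not hmac.compare_digest(otp, self.totp(totp_secret, now)):
                return self._deny("mfa_failed", username, device_id)
            self.known_devices[username].add(device_id)  # remembered for next time
        self.audit_log.append(("login", username, device_id))
        return secrets.token_urlsafe(32)
```

`login` returns a session token on success, the string "mfa_required" when the password was right but the device is new, and "denied" otherwise; the audit log is what lets IT see a "mfa_required" or "mfa_failed" entry from a device the legitimate user never used.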
Additionally, other security solutions can be added to an SSO system to provide greater protection. Tokens, biometric systems, digital certificates and other options are readily available to help protect high-risk areas of a company’s system.
In the end, SSO capabilities deliver a better user experience and reduce headaches and hassles for both users and IT staff. Combined with multi-factor authentication, the risk presented by attacks is minimal – far less than that inherent with a traditional password-based system alone.
Is retiring the password possible? It absolutely is, and with the right approach, and the right IT partner, it can occur immediately for small, medium and even large businesses. The key is to choose the right partner.