Single sign-on, or SSO, is a method of authentication that lets a user log in with a single identity and password to several separate, but related, systems. Customers and employees have secure access on any device with one click. SSO can be used across multiple devices, and cuts down on the number of separate passwords and accounts users need to manage.
With each new application, the number of accounts and passwords the average user must manage grows constantly. Maintaining separate and unique passwords for each one can become cumbersome, difficult to manage and ultimately a security risk. Here are a few ways SSO can mitigate these issues.
Single sign-on boosts security by reducing the number of passwords in use across a business, a surface that’s always heavily targeted. Users go from several separate at-risk credentials to just one, and this single credential can be more carefully secured. Two-factor or multi-factor authentication can be combined with SSO, adding another layer of security.
Hackers have less incentive to hit your site if you don’t host a ton of login details. You’re also less likely to have a bunch of users with horribly weak passwords poking holes in your site’s overall security, which reduces the risk of cyber-attacks.
Customers and employees use mobile devices now more than ever, yet mobile devices are also the most vulnerable to security attacks. Users can sign in securely with SSO on any device using any web browser. Employees who work from their mobile phones or personal devices are protected with single sign-on solutions.
Adoption of single sign-on solutions allows IT to maintain internal credential management. Passwords are stored internally, rather than remotely by the various applications customers and employees use that may have more relaxed or unregulated security practices.
Employees become tired of having to remember a host of passwords, each varied in its own bizarre way. While some people combat this with tools like password managers, others take a more “grassroots” approach, leaving all of their passwords in an unsecured document on their workstation, or worse, on a sticky note attached to their monitor.
Much like driving while tired, logging in while fatigued by passwords is very dangerous. Employees who experience password fatigue might be more inclined to reuse passwords; according to Ponemon, 51% of people asked rotate the same five passwords across their work and personal accounts. What’s more, while they may be sharing passwords between their own accounts, employees often share passwords with each other; 69% of those asked by Ponemon admitted to doing as much for work account access.
Users who log into multiple accounts each day can experience password fatigue. A strong, unique password is necessary for each separate account. Customers and employees may be tempted to avoid creating multiple long passwords that are hard to remember. They might use the same password for different accounts, choose easy-to-remember passwords that are less secure or rely on written records of passwords. Password fatigue creates security issues because when a weak or often-used password is compromised, other sites using the password are easy targets. Single sign-on can mitigate the risk by allowing users to sign in to multiple accounts with a single set of credentials.
When employees use best practices such as not writing down passwords, they can understandably forget them. SSO can reduce the time and resources that the IT help desk spends resetting forgotten passwords for employees. This reduces the IT workload and frees the department to take care of other projects. The cost of resetting passwords has been estimated at about $180 per employee per year, so the benefits of avoiding password resets are also monetary.
Basically, you won’t have to futz around with passwords. While reducing your hack risk is important, even more important is not having to reset people’s passwords every five minutes. All the authentication and password heavy-lifting is managed by the trusted authenticator.
In work environments where time is critical, such as emergency services, hospitals and security industries, large numbers of employees need quick and unencumbered access to systems. Single sign-on creates login speed and ease, helps prevent errors and reduces interference from malware — thus increasing the speed of system entry when time is of the utmost importance.
Signing in once also saves time, thus improving employee productivity. Given that 68% of employees switch between ten apps every hour, eliminating multiple logins can save a company considerable time and money.
SSO solutions that are part of an identity and access management system usually have an app portal. To use an app, employees select it from the portal. If the user doesn’t have an app, he or she can request it through the portal and it’s added with SSO enabled. It all happens quickly, so users who might be discouraged from requesting or using apps are more likely to use them.
With SSO, users don’t have to go through lengthy sign-up and verification processes. With Facebook login, for example, Facebook has already done all the email verification and data collection, so new users can sign up as quickly as they can log into Facebook.
HIPAA regulations require authentication of users who have access to electronic records or who require audit controls. HIPAA regulations also require automatic logoff. Most SSO solutions enable these functions. Sarbanes-Oxley regulations require documentation of IT controls and proof of adequate methods of data protection. SSO can also help with meeting antivirus and data access security requirements.
SSO helps with regulatory compliance in many ways. Regulations, such as Sarbanes-Oxley, require that IT controls are documented and that organizations prove that adequate methods are in place to protect data. SSO is a way to meet requirements around data access and antivirus protection.
SSO can also help with regulations, like HIPAA, that require effective authentication of users who are accessing electronic records or who require audit controls to track activity and access. Regulations, like HIPAA, also require automatic logoff of users, which most SSO solutions enable.
When SSO is part of an identity and access management (IAM) solution, it utilizes a central directory that controls user access to resources at a more granular level. This allows organizations to comply with regulations that require provisioning users with appropriate permissions. UAM systems enable SSO with role-based access control (RBAC) and security policies. This type of SSO solution also deprovisions users quickly—or even automatically—another common compliance requirement meant to ensure that former employees, partners, or others can’t access sensitive data.
Basically, SSO solutions can make it simpler to meet regulatory compliance requirements that call for documentation of policies, identities, and information. Companies can ensure data is protected at all levels and only authorized personnel have the ability to view or change sensitive information.
Occasionally, administrators will require users to re-enter their password as a security function. This helps confirm that the same user is still active on a device that stays signed in. Single sign-on gives administrators a central location from which to do this, rather than working through multiple applications, some of which may not support password re-entry.
Single sign-on solutions benefit companies by giving IT departments a higher level of control and streamlining their processes. Customers and employees gain ease of use. All parties enjoy enhanced security. Find out if SSO is a tool your company can use.