Have you ever been frustrated because you have forgotten your password when logging into your email, social media, or bank account? I have.
Nothing is more irritating than having to hit the “forgot password” option and wait for that email or SMS-based authentication to arrive. Not only that, you then have to take the time to enter a 6-digit code before entering a new password that you might inevitably forget... yet again. And when your employees experience this frustration regularly with their accounts at work, the problem shows up as higher support costs within your IT department.
I can share with you a solution that can streamline the login process for your employees, even for the 15 different accounts you access daily. Single sign-on, or SSO for short, might be the solution your business is looking for.
This article accompanies our 11-part blog series in support of our guide, Foresight 2020: Top 11 Cybersecurity Actions Every Company Should Take.
Single sign-on is a security service that lets a user access multiple network services by entering a single set of login credentials, for instance, one username and one password. This smooths out that early morning routine and gives you instant access to all resources with only one login.
Single sign-on is simple. The service grants access to a user who has rights to multiple services at once, so they can connect to all of them seamlessly. Single sign-on services work through a policy server that checks if that person is in a user directory. If so, that user is given access to what they are authorized to view.
With a single sign-on system, companies can decide which services to allow or not allow through SSO, based on what best suits the needs of the company and/or role. The policy can be very granular, and as time goes on, it will only get better.
SSO has a ton of benefits. Besides simplifying the username and password login process, it also improves your employees' quality of life because they don't have to remember so many passwords.
Tip: Instead of remembering a ton of small passwords, they can remember one long randomized password that is used for SSO. The company's help desk team will receive fewer calls about account lockouts and password changes, which saves time and money.
If SSO is implemented at organizations where speed is critical to daily operations, such as a 911 dispatch center, hospitals or emergency services, it can help prevent user errors and enable fast network access, which can be the difference between life and death.
Although it is easy to see the pros when talking about SSO, it is also easy to think of all the security implications it can have. If a hacker were to figure out these credentials, they would have access to all accounts linked to these credentials.
If there is a workstation that is shared with other employees, it is possible that some of the accounts may remain logged in, and other employees can access multiple services. Here is where automatic timeouts and logouts come in handy, though this is not a fool-proof solution.
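The policy-server check described earlier (directory lookup, then per-role service policy), combined with the automatic timeout mentioned above, as an added Python example that is not from this article or any SSO product. The user names, roles, services and the 15-minute idle limit are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data: users, roles and services are hypothetical.
DIRECTORY = {"alice": "dispatcher", "bob": "billing"}
ROLE_POLICY = {
    "dispatcher": {"cad", "email"},
    "billing": {"email", "invoicing"},
}
IDLE_TIMEOUT = 15 * 60  # seconds; assumed value, tune per workstation risk


@dataclass
class Session:
    user: str
    last_seen: float  # timestamp of the last allowed request


def authorize(session, service, now):
    """Return (allowed, reason) for one request to one service.

    Default deny: access is granted only if the user is in the directory,
    the session has not been idle too long, and the role permits the service.
    """
    role = DIRECTORY.get(session.user)
    if role is None:
        return False, "unknown user"
    if now - session.last_seen > IDLE_TIMEOUT:
        # Shared-workstation case: a stale session must log in again.
        return False, "session idle too long, re-authenticate"
    if service not in ROLE_POLICY.get(role, set()):
        return False, "service not permitted for role"
    session.last_seen = now  # only allowed activity refreshes the idle timer
    return True, "ok"


if __name__ == "__main__":
    s = Session("alice", last_seen=0.0)
    for svc, t in [("cad", 60.0), ("invoicing", 120.0), ("email", 2000.0)]:
        print(svc, t, authorize(s, svc, t))
```

Denied requests do not refresh the idle timer, so repeated attempts from an unattended workstation cannot keep a session alive.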
Since all passwords are managed through a central server, if this server were to go down, all services related to SSO would not be able to function correctly. This is what most security-minded people fear - a single point of failure.
I feel like SSO is an excellent service to have running on any network only if it is implemented and managed correctly. It can really benefit the company, or hurt it if not handled correctly.
It can be the difference between the CISO getting fired or help arriving faster to the person in need on an emergency 911 call. SSO is an excellent security service and can prompt a person to remember a longer, more complicated password than just a bunch of small, simple passwords.
It can enhance security for the company's network. SSO should only be implemented if you have a high amount of trust in your security team's management and implementation skills.
For further reading, check out this article on "Unpacking the NIST Password Requirements."
Remember, 24By7Security is your first line of defense and provides training services. Call us today if you have any questions and would like a consultation.