There are many myths surrounding single sign-on.
Single sign-on is a well-known authentication procedure that is intended to make life easier for users. Nevertheless, it is still fraught with prejudice. What can single sign-on do, what can’t it do and what does comprehensive protection against hackers look like?
What does single sign-on mean?
With single sign-on (SSO), the user enters their login details (usually user name and password) only once. This gives them access to several services, applications or resources and eliminates the need for separate login processes. If you consider how many accounts for applications and services we have in the private sphere alone, one advantage of SSO quickly becomes clear: we save a lot of time. In addition to a whole range of social media accounts, we use online shopping platforms, streaming services, payment services and so on. When we leave the private sphere and enter the world of work, the jungle of access data becomes even more confusing. So the question is not whether single sign-on makes sense, but rather what else you should consider in order to achieve comprehensive protection against cyber attacks.
What advantages does SSO offer?
In addition to the enormous time savings, single sign-on offers further advantages. It may seem contradictory at first glance, but SSO brings more security if you use it correctly. One strong password is more effective than many individual, often weak passwords: the more separate logins there are, the more security gaps there are for attackers. Administrators and users also benefit from SSO because they can work more productively: if access needs to be blocked or changed, only one action on one account is required. SSO also makes phishing attacks more difficult, because users are usually already logged in everywhere and are no longer tempted to enter their credentials into unfamiliar systems.
Prejudices about single sign-on
Single sign-on is also referred to by skeptics as a “single point of failure”, as hackers supposedly only have to crack or steal one password instead of many. The actual single point of failure is usually the user, who often chooses a simple password and then reuses it for many logins. Single sign-on, on the other hand, is usually used in combination with other security measures such as multi-factor authentication. Another misconception is that SSO is the same as a password manager. However, SSO does not focus on the password but on access: it uses standard protocols such as OpenID Connect and OAuth2 and brokers access to confidential systems rather than storing passwords for them. It is therefore much more than a password manager.
Cyber attack on Norton LifeLock customers
The recent hacker attack on customer accounts of Norton LifeLock – ironically one of the world’s leading providers of cyber security solutions – shows that password managers are not necessarily secure. This was presumably a credential stuffing attack, in which hackers take login credentials that were previously disclosed or compromised elsewhere and use them to infiltrate accounts on other websites and services where the same passwords were reused.
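Credential stuffing has a recognisable shape in login logs: one source tries many different accounts in quick succession, most attempts fail, and the occasional success is the reused password paying off. The following detector is an added example, not code from this article, from Login-Master or from Norton LifeLock; the log format and the sample lines are constructed for the example, and the thresholds (distinct accounts per window, failure rate) are assumptions to be tuned to your own traffic.

```python
"""Flag credential-stuffing patterns in login logs (added example).

Heuristic: one source IP attempting many *distinct* usernames inside a short
window with a high failure rate. A single user retrying their own password a
few times does not trip it, which is the contrast the second IP below shows.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines: "<ISO timestamp> <src_ip> <username> <OK|FAIL>".
# The format is an assumption for this example, not any real product's output.
SAMPLE_LOG = """\
2024-01-10T08:00:01 198.51.100.7 alice FAIL
2024-01-10T08:00:02 198.51.100.7 bob FAIL
2024-01-10T08:00:02 198.51.100.7 carol FAIL
2024-01-10T08:00:03 198.51.100.7 dave OK
2024-01-10T08:00:04 198.51.100.7 erin FAIL
2024-01-10T08:00:05 198.51.100.7 frank FAIL
2024-01-10T08:00:06 198.51.100.7 grace FAIL
2024-01-10T08:00:07 198.51.100.7 heidi FAIL
2024-01-10T08:00:08 198.51.100.7 ivan FAIL
2024-01-10T08:00:09 198.51.100.7 judy FAIL
2024-01-10T08:05:00 203.0.113.5 alice FAIL
2024-01-10T08:05:10 203.0.113.5 alice FAIL
2024-01-10T08:05:20 203.0.113.5 alice OK
"""


def parse_line(line):
    """Parse one constructed log line into (timestamp, ip, user, succeeded)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "OK"


def detect_stuffing(log_text, window=timedelta(minutes=1), min_users=8, min_fail_rate=0.8):
    """Return {ip: stats} for every source IP whose worst window looks like stuffing.

    Thresholds are assumed values: at least `min_users` distinct accounts and a
    failure rate of at least `min_fail_rate` within `window`.
    """
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, ip, user, ok = parse_line(line)
            events[ip].append((ts, user, ok))

    flagged = {}
    for ip, evs in events.items():
        evs.sort()  # sliding window needs chronological order
        start = 0
        for end in range(len(evs)):
            # Shrink the window from the left until it fits inside `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            users = {u for _, u, _ in win}
            failures = sum(1 for _, _, ok in win if not ok)
            fail_rate = failures / len(win)
            if len(users) >= min_users and fail_rate >= min_fail_rate:
                stats = {"distinct_users": len(users), "failures": failures, "attempts": len(win)}
                best = flagged.get(ip)
                # Keep the window with the most distinct accounts for the report.
                if best is None or stats["distinct_users"] > best["distinct_users"]:
                    flagged[ip] = stats
    return flagged


if __name__ == "__main__":
    for ip, stats in detect_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: {stats['distinct_users']} accounts, "
              f"{stats['failures']}/{stats['attempts']} failures")
```

Counting distinct accounts rather than raw failures is what separates stuffing from a user who mistypes their own password: the second source above fails twice on one account and is not reported. In practice the same logic should also be run per user account across many sources, since stuffing tools rotate IPs.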
Enhanced security through access control
In addition to the SSO function, a modern IAM system offers the separation of access and authorisation. The terms authentication and authorisation are often confused, but they must be clearly separated in terms of both security and functionality. While authentication grants access to a protected area of an Internet application, authorisation provides access control that only allows certain functions to be used by certain users or user groups.
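The two ideas from this section, that SSO brokers access through OpenID Connect tokens rather than handing passwords around, and that authentication and authorisation are separate decisions, can be shown in one small relying-party routine. This is an added example, not Login-Master's, Keycloak's or any OpenID Connect library's code. It assumes a confidential client whose ID token is signed with HS256 using the client secret (a mode OpenID Connect Core permits), and a constructed `roles` claim carrying the user's roles; the issuer URL, client id and secret are constructed placeholders.

```python
"""Authentication versus authorisation on an OpenID Connect ID token (added example).

The user types their password only at the identity provider. The application
receives a signed ID token and (1) authenticates it: genuine, for us, current;
(2) authorises the requested function separately, from the roles it carries.
"""
import base64
import hashlib
import hmac
import json
import time

CLIENT_ID = "inventory-app"                      # constructed relying-party client id
CLIENT_SECRET = b"constructed-client-secret"     # constructed shared secret
ISSUER = "https://idp.example.test/realms/demo"  # constructed issuer URL


class AuthError(Exception):
    """Raised when a token fails authentication."""


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_id_token(sub, roles, secret=CLIENT_SECRET, issuer=ISSUER, aud=CLIENT_ID,
                   lifetime=300, now=None):
    """Stand-in for the identity provider: mint a signed ID token.

    Called only after the user authenticated at the provider; the application
    never sees the password, only this token.
    """
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": issuer, "sub": sub, "aud": aud, "iat": now,
              "exp": now + lifetime, "roles": roles}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def authenticate(token, secret=CLIENT_SECRET, issuer=ISSUER, aud=CLIENT_ID, now=None):
    """Authentication: verify origin, audience and validity period. Returns the claims."""
    try:
        h64, c64, s64 = token.split(".")
    except ValueError:
        raise AuthError("malformed token")
    header = json.loads(_b64url_decode(h64))
    if header.get("alg") != "HS256":  # pin the expected algorithm; never trust the header
        raise AuthError("unexpected alg")
    expected = hmac.new(secret, f"{h64}.{c64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s64)):
        raise AuthError("bad signature")
    claims = json.loads(_b64url_decode(c64))
    now = int(time.time()) if now is None else now
    if claims.get("iss") != issuer:
        raise AuthError("wrong issuer")
    audiences = claims.get("aud")
    audiences = audiences if isinstance(audiences, list) else [audiences]
    if aud not in audiences:
        raise AuthError("token not intended for this client")
    if claims.get("exp", 0) <= now:
        raise AuthError("token expired")
    return claims


def authorize(claims, required_role):
    """Authorisation: a separate decision. Being logged in does not unlock every function."""
    return required_role in claims.get("roles", [])


if __name__ == "__main__":
    token = issue_id_token("alice", ["viewer"])
    claims = authenticate(token)
    print(claims["sub"], "authenticated; may delete:", authorize(claims, "admin"))
```

The point to take from the split is that a token which passes `authenticate` still earns nothing by itself: every privileged function asks `authorize` with the role it needs, so a user who is validly logged in but lacks the role is refused, and a forged or expired token never reaches the authorisation step at all.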
With Login-Master, as a provider of access and identity management solutions, we rely on single sign-on through the use of Keycloak. In this way, we provide our customers with a holistic and ultra-modern security solution.