While SSO can provide great benefits to the productivity and workflow of certain environments, there are other, more sensitive environments whose security may not be worth sacrificing for those benefits.
May 11, 2023
Nicole Quigley

Single Sign-On, or SSO, allows for the use of a single set of login credentials that authenticates multiple accounts and software. For example, many companies use Microsoft’s M365 platform to maintain credentials. If SSO is enabled, users may use those same credentials to authenticate to non-Microsoft tools like CrowdStrike or SentinelOne.

In terms of effectiveness, there is a clear benefit to having a single method of login for all the software someone might use during their work. Since you should never re-use a password between sites, we otherwise end up maintaining many sets of credentials for the tools we use. Utilizing SSO results in fewer passwords to maintain, and fewer logins and authentications mean less downtime when switching between software and tasks. On the other hand, SSO can also lead to needlessly authenticating to software that will not be in use. Authenticating into an account or software you will not use can be viewed as needless traffic and a potential security risk.

In terms of security, SSO has its advantages and disadvantages. When implemented with proper password strengthening practices, SSO can be just as secure as any other method. When this is not the case, however, and poor passwords are in use, the damage potential of leaked credentials or compromised accounts is much higher, as a malicious actor who obtains one set of credentials gains access to everything behind it.

Advantages:

  • Less likely to create password fatigue

  • Reduced login and authentication time expenditure

  • Encourages strong passwords

Disadvantages:

  • Higher impact from a single compromised credential

  • Reliance on central authentication system availability

As with everything in cybersecurity, the decision to use or not use SSO comes down to risk, specifically how you identify and mitigate risks. Here are some of those considerations:

  • Risk: A user’s SSO credentials may be leaked or guessed.

  • Mitigation:
    • Enforce password length and complexity.

    • Only deploy SSO if you also deploy Multi-Factor Authentication (MFA).

    • Use a Security Information and Event Management (SIEM) solution to detect abnormal behavior such as impossible travel.

  • Risk: A user’s SSO credentials may grant them access to sensitive resources, such as backups and PCI/PII information.

  • Mitigation: Do not deploy SSO on highly secure resources.
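The impossible-travel rule mentioned under the first mitigation is simple enough to show in code. The following is an added example, not code from the original post or from Versetal: it parses a few constructed SSO sign-in records (timestamp, user, source IP, and the latitude/longitude a SIEM would normally derive from the IP), compares each user's consecutive sign-ins, and raises an alert when the implied ground speed exceeds a threshold. The 1000 km/h threshold, the log line format, and all IPs and coordinates are assumptions made for the example.

```python
"""Impossible-travel detection over SSO sign-in events.

Added example (not from the original post): a minimal version of the
correlation rule a SIEM would run over identity-provider sign-in logs.
All event records, IPs and coordinates below are constructed sample data.
"""
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Implied ground speed above which two consecutive sign-ins by one user are
# treated as physically impossible. The value is an assumption for the example;
# tune it to your own false-positive tolerance (VPN egress changes, for instance).
MAX_PLAUSIBLE_KMH = 1000.0
EARTH_RADIUS_KM = 6371.0

# Constructed sample log: ISO 8601 timestamp, user, source IP, latitude, longitude.
# alice: New York -> London in 45 minutes (impossible).
# bob:   San Francisco -> Los Angeles over 8 hours (plausible).
SAMPLE_LOG = """\
2023-05-11T08:00:00+00:00,alice,203.0.113.10,40.7128,-74.0060
2023-05-11T08:45:00+00:00,alice,198.51.100.7,51.5074,-0.1278
2023-05-11T09:00:00+00:00,bob,203.0.113.25,37.7749,-122.4194
2023-05-11T17:00:00+00:00,bob,192.0.2.44,34.0522,-118.2437
"""


@dataclass(frozen=True)
class SignIn:
    user: str
    when: datetime
    src_ip: str
    lat: float
    lon: float


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in kilometres between two coordinates."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlam = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def parse_event(line: str) -> SignIn:
    """Parse one constructed log line into a SignIn record."""
    ts, user, ip, lat, lon = line.strip().split(",")
    return SignIn(user, datetime.fromisoformat(ts), ip, float(lat), float(lon))


def impossible_travel(events, max_kmh: float = MAX_PLAUSIBLE_KMH):
    """Return one alert dict per pair of consecutive sign-ins by the same user
    whose distance divided by elapsed time implies travel faster than max_kmh."""
    alerts = []
    last = {}  # user -> most recent SignIn seen so far
    for ev in sorted(events, key=lambda e: (e.user, e.when)):
        prev = last.get(ev.user)
        if prev is not None:
            dist = haversine_km(prev.lat, prev.lon, ev.lat, ev.lon)
            hours = (ev.when - prev.when).total_seconds() / 3600
            # Repeated sign-ins from the same place never alert; a real distance
            # covered in zero elapsed time is reported as infinite speed.
            if dist > 0:
                speed = dist / hours if hours > 0 else float("inf")
                if speed > max_kmh:
                    alerts.append({
                        "user": ev.user,
                        "from_ip": prev.src_ip,
                        "to_ip": ev.src_ip,
                        "distance_km": round(dist, 1),
                        "elapsed_hours": round(hours, 2),
                        "speed_kmh": round(speed, 1),
                    })
        last[ev.user] = ev
    return alerts


def run_detection(log_text: str = SAMPLE_LOG):
    """Parse a block of log lines and run the impossible-travel rule over them."""
    events = [parse_event(line) for line in log_text.splitlines() if line.strip()]
    return impossible_travel(events)


if __name__ == "__main__":
    for alert in run_detection():
        print(alert)
```

In a real deployment the coordinates come from the SIEM's IP geolocation enrichment rather than from the log line, and the alert would feed a response step such as forcing re-authentication with MFA for the affected account; the speed-threshold logic itself is what carries over unchanged.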

Overall, while SSO can provide great benefits to the productivity and workflow of certain environments, there are other, more sensitive environments whose security may not be worth sacrificing for those benefits.
