The Pros and Cons of Single-Sign-On Identity Management
For many people working and browsing online, single sign-on (SSO) has become a way to offset the burden of remembering passwords. The two most common SSO platforms, Facebook and Google, allow their users to seamlessly log in to third-party sites. In turn, Facebook and Google become the predominant identity management systems, or "source identities." But with cybercrime and corporate hacks on the rise, should users rely on SSO to streamline their passwords? Yes, and no.
Drawing the Line
SSO can be leveraged in two environments: the personal and the corporate. On the professional side, SSO works very well when properly implemented. According to security intelligence, the average employee has anywhere from 8-12 passwords, with 41% of users repeating passwords. A further 58% reported having weak or easily guessed passwords. To combat password fatigue, your IT staff can implement organization-wide access controls and identity management. This ensures your employees only have access to the data they need, decreasing the likelihood of accidental or malicious data corruption or loss. It also makes employee onboarding and offboarding far easier, ensuring digital assets are secure and oversight is centralized.
SSO becomes a larger concern when applied to personal accounts. When using SSO across a variety of sites, you are increasing your attack surface. If a single one is compromised, hackers gain the keys to the proverbial kingdom. They have information for all the accounts you are linked to, whether social, financial, or work-related. This was the case when hackers exploited a weakness in Facebook's SSO feature, gaining access to data that had been stored on multiple sites.
Of course, Facebook and Google aren't the only targets. General internet-based attacks have risen over the past year, with Symantec's researchers reporting:
- 1 in 10 URLs are malicious
- web attacks increased by 56%
- 1 in 36 mobile devices had high risk apps installed
- enterprise ransomware is up 12%, mobile ransomware is up 33%
By keeping your passwords separate, and maintaining good password hygiene, you have far greater control over any intellectual property or personally identifiable information tied to your site activity. Remember to stay vigilant, encrypt your sensitive data, and always leverage two-factor authentication for added security. For more information about protecting your data, or securing your employees against today's cyber threats, reach out to an iCorps expert.