Fernando Corbató invented the password in 1965. Since then, passwords have gone on to take over the world. However, the esteemed computer scientist was always surprisingly candid about his brainchild, right up until his death in 2019. “It’s become a nightmare,” he exclaimed in a 2014 interview with the Wall Street Journal, referring to the fact that remembering dozens of passwords is virtually impossible for most human beings.
Researchers estimate that password reset calls to company helpdesks cost around £62.50 each. Fortunately, computer security has advanced considerably since the 1960s and there is a solution that can help: SSO or “Single Sign-On.” SSO lets users authenticate with many applications and websites from just one initial login, effectively eliminating the need to remember multiple passwords (or write them down). Many of today’s SSO solutions fall short of the mark and fail to cover all applications, so it is important to consider a wide range of factors when choosing your technology.
In this post, we take a look at ten signs your organisation needs to modernise its approach to SSO.
According to research by Gartner, somewhere in the region of 40% of all help desk calls are password-related. Given that the average employee makes around 21 calls to IT help desks per year, on average 8 of them will be password-related. In most cases, staff simply can’t remember their credentials.
SSO naturally reduces the number of password calls by harmonising login requirements across apps, platforms and websites. SSO options effectively eliminate the risk of forgotten passwords.
Traditionally, IT teams would be involved in, and therefore aware of, departments or users signing up for new software. That way, when staff forgot their login credentials, IT could provide reset functionality and support.
However, with the proliferation of cloud apps, users and departments can go ahead and sign up for new applications without the IT team being aware, which makes governance, audit trails and password reset requests all the more difficult.
Again, with SSO, you avoid these issues. Users can sign up to new applications and the latest SSO systems can detect this and integrate them with the corporate SSO.
It can be hard to integrate the corporate directory structures that maintain network user information with new cloud applications. In many cases the two are incompatible, leaving users to manage multiple passwords and exposing the organisation to the associated risks.
By contrast, modern SSO systems can bridge the gap between your existing corporate directory and the cloud applications being used, modernising enterprise identity management. This setup makes it easier for organisations to manage individual security identities and permissions.
Improved end-user application visibility is a desirable IT, and wider business, goal. 64% of businesses that didn’t get it right experienced lower productivity, and 41% lost revenue opportunities. The risk of “Shadow IT” applications being used is that the organisation is exposed to users potentially storing corporate data in insecure, unapproved cloud applications and services.
However, leading Identity and Access Management solutions can provide Single Sign-On that enables the necessary governance and audit trails over end-user access to applications and data.
Data suggests that over 50% of employees don’t receive any instructions on how to use BYOD in the workplace. No wonder 39% of organisations cite security concerns as their main barrier to BYOD adoption.
In a traditional setup, BYOD devices were beyond security teams’ reach. But with cloud-based SSO, they fall within the remit of the enterprise identity management system again, enabling improved governance and control for the enterprise.
The human brain is not set up for remembering passwords. Most people use one or two repeatedly, and to make them memorable, they use real words, which is bad for security.
Ideally, passwords should be unique, random strings of letters, numbers and symbols for every website and app, and be at least 12 characters long. But that sort of approach is wildly impractical in today’s context where users need access to dozens of apps and websites.
At the same time, user-generated passwords open up risks, including easily guessed passwords and predictable user behaviours adopted to meet complexity guidelines (e.g., using a $ instead of a 5).
The National Cyber Security Centre (NCSC) guidelines recommend implementing machine-generated passwords in conjunction with an identity management solution. This approach mitigates an extensive array of security risks and reduces user friction, because the SSO reduces the number of passwords required of the user to the single identity needed to access the corporate directory. The Single Sign-On solution can then use this delegated trust to authenticate the user onward with third-party applications, whether these require passwords or use passwordless protocols. The end result is that security risks are mitigated and user friction eliminated in one fell swoop.
Research conducted by My1Login found that a staggering 87% of office workers reuse their passwords across applications. 62% of users use the same passwords for both their work and personal accounts.
Using the same passwords across accounts increases the risk of a breach significantly. If hackers get into one account, they can access many more.
Leading SSO tools essentially eliminate this issue by leveraging integrated enterprise password management functionality to remove the burden from users. Organisations can integrate any system that supports single sign-on across multiple heterogeneous domains, including smartphone applications, Windows desktop applications and SaaS apps, where such interoperability is not available through conventional password managers.
Corporate IT security policies, and frequently applications themselves, mandate that users regularly change their passwords and/or create passwords that meet the following complexity criteria:
While these rules can make passwords more secure, they increase the risk of insecure storage, as such passwords are realistically not memorable. These requirements can also lead users to adopt predictable behaviours to meet the complexity criteria.
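As an added illustration of the two points above (predictable substitutions made to satisfy complexity rules, and machine-generated passwords that users never have to memorise), the following is example code written for this post, not code from the original article or from My1Login: a small policy checker that undoes leet-style substitutions before a dictionary lookup, beside a CSPRNG-based generator. The substitution table and the word list are assumed and constructed for the example.

```python
import secrets
import string

# The page's policy: unique, random strings of letters, numbers and symbols,
# at least 12 characters long.
MIN_LENGTH = 12
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

# Keyboard substitutions users make to satisfy complexity rules (the page's
# example is a "$" in place of a "5"); this particular table is assumed.
SUBSTITUTIONS = str.maketrans({"$": "s", "5": "s", "@": "a", "4": "a", "0": "o",
                               "1": "l", "!": "i", "3": "e", "7": "t"})

# Constructed sample word list standing in for a real dictionary.
DICTIONARY = {"password", "welcome", "summer", "secret", "london"}


def normalise(password: str) -> str:
    """Drop trailing digits/symbols and undo leet-style substitutions so that
    'P@$$w0rd' or 'Summer2019!' reduce to the base word the user started from."""
    core = password.lower().rstrip(string.digits + string.punctuation)
    return core.translate(SUBSTITUTIONS)


def check_policy(password: str) -> list[str]:
    """Return the policy failures for a candidate password (empty list = passes)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("too short")
    if not any(c.isalpha() for c in password):
        failures.append("no letter")
    if not any(c.isdigit() for c in password):
        failures.append("no digit")
    if not any(c in string.punctuation for c in password):
        failures.append("no symbol")
    if normalise(password) in DICTIONARY:
        failures.append("dictionary word with predictable substitutions")
    return failures


def generate_password(length: int = 16) -> str:
    """Machine-generate a password from the OS CSPRNG, redrawing until it passes
    check_policy; the user never needs to memorise it once SSO fills it in."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_policy(candidate):
            return candidate
```

Running `check_policy("P@$$w0rd")` reports both "too short" and the dictionary match, which is the kind of check an enterprise password manager can enforce on third-party applications before SSO takes over the login.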
My1Login's research found that 52% of users write down their work passwords or store them in a document or on their mobile or computer. These methods pose a real cyber-security risk to enterprises. Leading identity and access management products that combine Single Sign-On with Enterprise Password Management offer a solution to this, automating password security policy enforcement on third-party applications.
Phishing emails are a method hackers use to get users’ passwords. They may do this directly, by enticing the user to click an email link and disclose their username and password to a ‘spoofed’ website that maliciously harvests the credentials, or indirectly, by asking them to download files that contain keyloggers.
Leading Identity and Access Management solutions can eliminate the risk of user credentials being phished using a combination of Enterprise Password Management and Single Sign-On functionality. The Enterprise Password Manager can enforce the use of long, complex, random passwords on cloud applications and then activate SSO for the application, so users are no longer required to enter their credentials. With some solutions, the new passwords generated by the system can be hidden from the user, and if they don’t know the password, they can’t be phished for it.
Centrally managed SSO is a powerful component of identity and access management in preventing former employees from accessing sensitive applications and services. Everyone has read about ex-employees hijacking the company Twitter account after leaving. It can be challenging for system administrators to revoke, or even maintain an audit trail over, the applications leavers had access to. SSO, however, makes this easier: access can be revoked automatically when it is linked to other systems such as the corporate directory, enabling lifecycle management of user access to cloud applications and services.
If any of these issues are affecting your firm, then SSO is a powerful solution. It provides more comprehensive governance and control over end-user application access, eliminates the users’ need to remember multiple passwords, and can even alert you when end users sign up for new applications.
Single Sign-On that integrates Enterprise Password Management functionality can add further layers of protection by enforcing password policies on third-party applications and then hiding the passwords from users so they cannot be phished.