Factors to consider before implementing single sign-on
My company is thinking about implementing single sign-on technology. What factors should we consider before doing so?
Single sign-on (SSO) may be a solution for your situation, but it all depends on your circumstances -- specifically security needs and budget.
SSO has its merits and risks. The two main merits are (1) Convenience:
Users need only identify/authenticate themselves once to the "primary"
domain and not for every platform or application. (2) Security: Because there's only one sign-on, SSO can eliminate the risks inherent in remembering multiple login/password combinations.
The two main risks are (1) Security: If an intruder compromises a user's account or password, that intruder could have extensive and easier access to far more resources. (2) Cost: SSO implementations can be expensive, both in the cost to purchase and in the manpower to deploy.
Two-factor SSO is best, where access is granted based on the double
combination of what the user knows (a password or PIN) and what the user possesses (a biometric device, for example).
Take a look at RSA's Keon and v-go from Passlogix.
For more information on this topic, check out these other SearchSecurity.com resources:
Best Web Links: Authentication/Access Control
Best Web Links: Passwords/Authentication
Web Security Tip: SAP Security: Authentication and single sign-on
This was first published in May 2001