Q

How SSOs differ from login and passwords

Learn how SSO systems and login and passwords differ, and which systems are more likely to be exploited and why in this Ask the Expert Q&A.

In a previous tip, you classified login and password as High risk and SSO as Medium risk. If login and password are HIGH risk, why would SSO, relying on login and password, be a reduced MEDIUM risk?

SSO systems are quite complex and are deployed differently than single authentication systems because they have to synch with diverse types of authentication databases and directories. That means they have stronger built-in controls. Additionally, because SSO systems are a front end to applications, they sit inside a corporate firewall, behind a DMZ, and aren't exposed to users outside the company. For these reasons, I ranked IDs and passwords higher than Single Sign-On (SSO).

But what about remote users on VPNs, you might ask? Aren't these external users going through the firewall to access internal systems through an SSO system? The answer is yes. However, because the user has to log in to the VPN first, using a separate login, they would first have to breach the VPN before they could even attempt an SSO login breach.

With that said, your point is still valid. On the surface, SSO by definition is a single point of access and could be seen as a single point of entry for a malicious user. However, with the mitigating controls just described, I felt the risk of SSO was lower than that of a simple user ID and password system.

This was first published in March 2006
