Pros and Cons of Single Sign-Ons
By Quan Nguyen
August 4, 2021
The internet has expanded to the point where we have accounts for everything. Whether you are shopping online, checking mail, or even watching videos, you are likely signed into some account. The process of signing into several accounts daily may prove bothersome and inefficient. Single Sign-On (SSO) services aim to reduce the number of logins you have to perform, but are they secure?
What is Single Sign On? How Does It Work?
SSO authenticates you to multiple applications/accounts of a system using one set of credentials. A popular example of this is Google. Signing into your Google account grants access to Gmail, YouTube, Google Calendar, etc. without having to repeat sign-ins for every app.
Users of SSO are assigned authentication tokens upon an initial login. When entering sites or apps within the same system, the token authenticates the user if the same device is used.
Misconceptions of Single Sign-On
Less Logins Means Less Security. People generally see logins as a method to validate your identity, thus increasing security when performed numerous times. The misconception is implementing SSO removes that factor and hackers would have a better chance of receiving your one set of credentials. However, many consider SSO as more secure than several logins, which seems counterintuitive.
In theory, multiple logins mean the person attempting to login must know several sets of credentials. The issue with multiple logins is that most users will create weak passwords or use repeated passwords for multiple apps, leading to a lack of security or they forget some of those many passwords. With SSO, users are more likely to create stronger, harder to guess passwords.
Implementing SSO Burdens IT Teams. SSO actually improves workflow and therefore helps fulfill the IT team’s purpose. SSO also aids IT teams since the process is automated, and cuts help desk calls for password resets.
Password Managers Do the Same. While both authentication methods offer solutions to access multiple apps using one set of credentials, they differ in other aspects. Password Managers protect passwords whereas SSO enables access built on trust through existing systems.
Advantages of Single Sign-On
Many businesses and stores have opened options online, and workplaces have transitioned to the cloud. Whether for work or leisure, we undergo login processes very frequently. Not only does this process give rise to poor password management, but it also disrupts workflow and forces tedious, often unnecessary logins. SSO eliminates frequent logins and password fatigue. Here are other ways SSO can benefit you:
- Lowers IT costs. Overloaded with passwords, users are bound to forget some and call a company’s help desk for a password reset. These reset calls cost companies an average of $70 per call, potentially costing large companies up to $1 million annually.
- Passwords are stored internally. Typically, apps and services store passwords remotely and are unmanaged. By internally storing passwords and tokens, IT administrators have more control over password management. Doing so provides IT admins more visibility on what apps their users use, reducing the chances of risk factors like shadow IT.
- Prevents shadow IT. Shadow IT refers to workplace downloads or technology use not authorized by the company’s IT team. IT admins can use SSO to monitor apps that employees use and mitigate identity theft risks.
- Very secure if combined with other authentication methods. Pairing SSO with multi-factor authentication or risk-based authentication (RBA) greatly improves security. Similar to how SSO prevents shadow IT, RBA revolves around monitoring user habits. Suspicious behavior like unusual IP addresses or multiple login failures are met with additional identification requests.
- It is fast. SSO authentication is based on tokens, not cookies. This optimizes speed and performance which is critical in industries like healthcare and defense. APIIDA demonstrates productivity gains through an example company of 1000 employees. If each employee performs 10 logins daily, each taking 20 seconds, 13.89 hours are expended per year on logins. With SSO, each employee saves 12.5 hours annually.
- Can satisfy regulation requirements. For example, the Health Insurance Portability and Accountability Act requires automatic log off for users which is possible with SSO.
- Minimizes third-party risks. Cybercriminals target usernames and passwords. Every login is an opportunity for hackers to steal credentials. SSO limits these interactions and connections with third party services and apps where risk is high.
- Reinforces stronger passwords. Users are more incentivized to create a strong, unique password using SSO since they only need to remember one. IT admins can regulate this security standard by requiring a certain amount of characters/combination of characters, and they can set a date when a password expires.
Disadvantages of Single Sign-On
While SSO offers benefits for a safer, more convenient login experience, there are also inconveniences and risks that follow:
- Limited user control. There is not much flexibility as a user in what SSO covers. For example, you cannot stay signed into Gmail and not signed into YouTube, at least not under the same browser account.
- Incompatible apps. If a series of apps from a brand are not included in their SSO service, the SSO solution essentially just becomes a standard password login.
- Unpredictable costs and time. An internal solution may seem like a cheap and easy process but can be costly especially for smaller companies. IT teams also may need to take significant amounts of time to implement and tailor SSO into company systems.
- Requires a strong password. Since there is one ‘master password,’ users should create a strong, unique password. The issue is that companies cannot enforce a truly strong and unguessable password. Even if the user does, there is a chance they may forget and render SSO useless.
- SSO providers are vulnerable to hacking. If an SSO provider is breached or servers go down, all connected services stop and become open to attacks. Some scammers also use phishing through SSO to steal your information.
- Inconvenient for shared computers. Home computers or workplace computers that frequently have multiple users creates an unsafe and tedious situation. Changing users means logging in and out constantly. Even worse, security and privacy concerns when users forget to log out.
- Data collection. Some sites that integrate SSO share data to third-party entities. Researching the trustworthiness of a website is crucial in these cases with lesser-known sites.
- Creates a single point of failure. Even if a password for SSO is stronger than average, hackers will have access to all connected accounts if that password is compromised.
Single Sign-On services take on the issue of excessive logins and offer a trust system, granting access to multiple apps/pages under one set of credentials. Many people misconceive that SSO decreases security but in this case, less is more. SSO comes with advantages that support company IT teams as well as provide security for users. However, risks do come with SSO if users are not cautious and SSO service implementation can cost companies a great deal of time and money.
Overall, SSO is a beneficial solution when it comes to providing excellent user experience and safety. If you are still concerned about privacy surrounding SSO, consider humanID as a solution. humanID values privacy unlike many SSO providers and is completely anonymous. Users receive a unique identifier through their phone that is irreversible. Your phone number and any personal identifiers are deleted from humanID databases, making this a viable and private login solution.