[MART] - Daily Diary #532 - Risks of Single Sign-on (SSO)

CTAS-MAT ctas-mat at appgate.com
Wed Jun 15 23:39:11 UTC 2022


I hope everyone is doing well!

Below is the entry for today.

06/15/2022 - Diary entry #532:

Single sign-on, also known as SSO, is a unique authentication procedure. With a single login, SSO gives a user access to multiple systems in the same context.

Single sign-on (SSO) has become a necessity for businesses. Today, an average company uses thousands of applications, and it is almost impossible for users to remember a different password for each system. That becomes even harder if the security policy requires strong passwords or periodic changes. On the other hand, if users adopt weak passwords on SSO, those passwords become a much bigger threat: with a single compromise, an entire set of systems can become vulnerable. It is also important to consider that even the best SSOs, despite their reputation, are not immune to phishing and man-in-the-browser attacks.

Special attention must be paid to the security of the stored data. If the SSO system fails, it will be impossible to access the linked applications. In addition, in companies that collect lots of data from their users, SSO vulnerabilities can be catastrophic. A single failure can cause data leaks on multiple systems, affecting both user privacy and internal company data.

The one-to-many architecture of SSO is both a great advantage and a weakness. Companies adopting this kind of architecture must be aware that it will be one of the root targets of every major cyberattack, and must therefore pay special attention to it: keeping it up to date with the latest security patches and making sure the SSO adopts state-of-the-art authentication procedures, with multi-factor authentication, device profiling, and delivery of only the necessary access for each user-device combination, which can be achieved by adopting a Zero Trust model.

Kind Regards,