Is Single Sign On (SSO) secure?

Single sign-on allows users to log into multiple accounts using one set of credentials. This benefits both the help desk and the end user: the end user does not have to remember multiple sets of credentials, which reduces the number of help desk calls to reset passwords.

As useful as this tool sounds, many believe that using single sign-on is a security risk, since an intruder would need only one set of credentials to access multiple systems rather than a separate credential for each website or application. This is a common misconception about SSO; it is not necessarily true.

Since many companies require users to maintain upwards of 5 complex passwords for multiple systems, end users tend to use insecure methods to remember them, such as storing them under their keyboard or in an Excel file on their computer. Using an SSO solution eliminates these methods, thus increasing the security of the network. Instead of an intruder having easy access to credentials that are stored insecurely, end users with a single set of credentials will be less likely to write them down.

In addition, if an organization is still wary about SSO, the solution can be set up so that users are forced to keep an extra-strong password and change it regularly.

Other options that are more user friendly and increase security are using a smart card to log in or using biometrics. Using a smart card in addition to a PIN code allows the user to sign in without having to remember any complex password, while biometrics would be the most secure since the user would have to physically be at the computer to log in.

Security is definitely a valid concern when it comes to single sign-on products; however, if the proper measures are taken, an SSO solution can actually be more secure than forcing users to remember credentials for multiple systems and applications.

