What are the benefits of a single sign-on implementation from the point of view of security?
From my point of view, if the account is compromised the attacker has access to any resource, so according to this, SSO is far from secure.
Asked
Active
Viewed 4,604 times
0
-
1SSO, per se, isn't deployed to improve security. It's mainly used for convince. In _most_ installations, SSO is used as compromise of the security policy for the benefit of usability. It's all about finding your sweet spot on [the magical triangle](http://i.imgur.com/LhbIz9m.png). – Adi May 29 '13 at 12:19
2 Answers
2
I can see three main benefits.
Reduce the amount of passwords users have to remember. Users are encouraged to use vastly different passwords for different sites. Managing that many different passwords can be problematic. Obviously this isn't an issue if the user uses a password manager tool but let's be realistic, how many users can you expect to do that? A SSO solution can greatly reduce the number of passwords a user has to remember, which might encourage the user to choose a much stronger password.
Provides convenience to the users. A SSO solution literally means the user has to sign on just one single time to access multiple services. This is a huge timesaver especially if a company provides multiple services. A good example of this would be Google. While this might not strictly be accurate, I have a feeling that by reducing the number of times a user has to enter his credentials, the risk of an attacker intercepting the credentials through something like a keylogger will be reduced.
Reduce the headache of assisting users with password recovery. Imagine a company running ten different services. A SSO solution can greatly reduce the amount of helpdesk manpower needed as users only need to recover a single account. Whilst not a security concern, this is a very tangible benefit to companies.
Of course, a SSO solution concentrates a lot of power on the authentication solution. One should probably spend a lot more time and effort securing that single point of failure.
-
You are absolutely correct but these are usability benefits and not security benefits :-) – Shurmajee May 30 '13 at 04:35
0
In the words of Shwetha on the Cymfony System Testing blog, Some of the common advantages are :
Users select stronger passwords, since the need for multiple passwords and change synchronization is avoided.
Inactivity timeout and attempt thresholds are applied uniformly closer to user points of entry.
It improves the effectiveness/timeliness of disabling all network/computer accounts for terminated users.
It improves an administrator's ability to manage users and user configurations to all associated systems.
It reduces administrative overhead in resetting forgotten passwords over multiple platforms and applications.
It provides users with the convenience of having to remember only a single set of credentials.
This also improves security as users find it easier to remember their credentials and do not have to write them down, allowing for a more efficient user log on process.
It reduces the time taken by users to log into multiple applications and platforms
Gilles 'SO- stop being evil'
- 50,912
- 13
- 120
- 179
BlueBerry - Vignesh4303
- 5,107
- 13
- 34
- 63