Password Management Archives - Kaseya
https://www.kaseya.com/blog/category/cybersecurity/protection/password-management/
IT & Security Management for IT Professionals
Wed, 04 Sep 2024 13:07:16 +0000

Single Sign-On (SSO): Ensuring More Secure Logins
https://www.kaseya.com/blog/single-sign-on-sso-ensuring-more-secure-logins/
Mon, 20 Jul 2020 16:45:28 +0000

The post Single Sign-On (SSO): Ensuring More Secure Logins appeared first on Kaseya.

Passwords are no longer enough to secure logins to all of our software and systems. According to the 2019 Verizon Data Breach Investigations Report, 29 percent of security breaches involved stolen credentials. Those credentials are either stolen outright via a phishing scam, for example, or purchased on the Dark Web. If you don’t think any of your employees’ credentials are ‘out there’ on the Dark Web, think again!

As a result, organizations are implementing identity and access management (IAM) solutions to enhance login security. IAM systems allow admins to define and manage the roles and access privileges of each of their end users.

One of the user authentication services that simplifies access management is secure single sign-on (SSO).

What is Single Sign-On?

SSO is a session and user authentication service that allows a user to use a single set of login credentials to access multiple applications. With most users using simple or similar passwords across all accounts, hackers find it too easy to hack systems and gain access to organizational data. SSO uses a central directory that controls user access to resources at a more granular level. It’s like having a single, very secure key to access 100 different doors with 100 individual locks.

The central directory tracks user access and de-provisions suspicious users or logins that do not comply with regulations, thereby improving the security of the organization.

What are the Advantages and Disadvantages of Single Sign-On?

SSO Advantages

  • Better User Experience

With SSO, it’s much easier for users to access all of the different applications they use on a daily basis. They only have to log in once, and then there’s usually a portal where they can access many different applications at the click of a link. This benefit, of course, applies to all users, including IT admins. The average number of applications used per company has jumped to about 129, according to a study performed by Okta in 2018. This coincides with the rise in use of SaaS applications.

[Figure: Passly app screen. Example of an SSO portal showing access to multiple applications.]

  • Increases the Productivity of IT Admins and Reduces Help Desk Costs

SSO reduces the number of help desk tickets and the time IT admins spend dealing with password-related issues, such as password resets. This also reduces the downtime experienced by the end user.

In addition, SSO enables rapid provisioning and deployment of new SaaS applications. The SSO solution should support an open standard such as Security Assertion Markup Language (SAML) 2.0 to allow fast provisioning.

  • Minimizes the Risk of Using Bad Passwords

The top five worst passwords in regular use among users are:

  • 12345
  • 123456
  • 123456789
  • test1
  • password

According to the Forbes article Ranked: The World’s Top 100 Worst Passwords, Microsoft analyzed a database of 3 billion leaked credentials from security breaches and found that more than 44 million Microsoft accounts were using passwords that had already been compromised elsewhere.

Password reuse, simple passwords and other poor password practices can result in a costly security breach. SSO enables users to follow better password hygiene and use much stronger login credentials.

Disadvantages of SSO

  • The Potential for Decreased Security

If SSO is not implemented securely, for example in combination with another type of IAM solution such as two-factor authentication (2FA), the result could be disastrous for the company. With only one set of leaked credentials, hackers can easily access all applications and obtain sensitive, privileged information.

2FA provides an additional layer of security by confirming user identity utilizing something the users know (e.g., a password) and a second factor other than the password – something the users have or something they use, most often a mobile app or a token.

SSO along with 2FA gives you a secure login system with all of the benefits discussed above.

How is Single Sign-On Implemented?

There are various SSO service providers in the market that can cater to your organizational requirements. Key decision criteria include whether your company needs an on-premise SSO solution, an identity as a service (IDaaS) solution or a hybrid service for your environment.

Using a combination of SSO and 2FA can provide the convenience and security your organization needs.

Looking for a robust IAM solution? Learn about Kaseya’s IAM solution, Passly.

Going Beyond Passwords for Better Security
https://www.kaseya.com/blog/going-beyond-passwords-for-better-security/
Tue, 23 Apr 2019 07:53:46 +0000

The post Going Beyond Passwords for Better Security appeared first on Kaseya.

Security is a broad, complex topic with many different facets. And, of course, security is top of mind for many IT teams. In Kaseya’s 2018 State of IT Operations Survey, 58% of midsize businesses named cybersecurity and data protection as a top priority for 2019.

Password-related hacks are one of the leading causes of data breaches, so better access control is becoming essential for effective security. As a result, identity and access management (IAM) has become critical to midsize businesses. For businesses to be agile and competitive, IT teams today are under great pressure to put better security controls in place for the enterprise while streamlining authentication procedures to avoid a decline in user productivity.

In addition, IT admins in small and medium businesses, like everyone else, have too many passwords to deal with. An increase in endpoints and applications means spending more time managing access to credentials. There has to be a better way!

Passwords Alone are Not Enough

Verizon’s 2017 Data Breach Investigations Report revealed stolen or weak passwords were responsible for 81 percent of hacking-related data breaches. While passwords are unlikely to disappear anytime soon, companies of all sizes must look beyond passwords to secure users’ access to business applications and systems.

One level of security is no longer enough. Multi-factor authentication can prevent data breaches that occur through brute-force, phishing, and social engineering attacks by using more than just a username and password.

Multi-factor Authentication (MFA) 

MFA is a security system that requires more than one method of authentication to verify the user’s identity for login. 2-factor authentication (2FA) solves the password problem by requiring something users know (typically a username and password) and something they have (a token or smartphone app). This 2-step process confirms they are a valid user. MFA adds a layer of security that allows companies to protect against compromised credentials.

Single Sign-On

We all know how much of a hassle it is to keep track of a large number of passwords and then to have to use different passwords to access each of our applications. Single Sign-On solves this problem by allowing a user to use only one set of credentials to log in once to an application “launchpad.” From there they have access to all of their standard applications. This saves a lot of time logging in for all of your users.

Privileged Access Management (aka Privileged Account Management)

A privileged user is someone who has administrative access to your critical systems. And, it goes without saying that you only want to give privileged access to those you trust. Privileged Access Management (PAM) tools offer a scalable way to authorize and monitor all privileged accounts across your IT environment. These tools typically let you:

  • Grant access privileges to users only for specific systems, as necessary
  • Grant access only when it’s needed and revoke access automatically at the end of the period
  • Create an audit trail of privileged access activities for compliance purposes

PAM tools usually have a password vault to store all system passwords.

Organizations can have full control over which users and groups can access systems based on their roles. This centralized management, with fine-grained permission levels, provides a high level of defense against intrusion.

Technicians Need a More Effective Way to Access Endpoints

IT admins are responsible for the uninterrupted operation of many endpoints and applications, which means they typically have access to either end-user or admin credentials to log in to those devices. They may use the password vault to gain access to passwords for end-user devices. One problem with this approach is that all of those passwords must be changed if the technician leaves the company.

Going Beyond Passwords for Endpoint Management

What if your technicians didn’t have to know or have access to any passwords to access end user systems? Kaseya’s 1-Click Access allows secure access to end-user devices for privileged users/admins at the click of a button, without having to know user or admin credentials. This not only saves valuable time but also eliminates the need to change passwords when someone leaves the company.

Stay tuned for more on Kaseya’s 1-Click Access in an upcoming blog.

To learn more about Kaseya’s endpoint and network management solution, request a demo for VSA by Kaseya.
