Is Single Sign-on All That Great?

By Aaron Goldberg  |  Posted 2003-06-23

Our marketing and sales Guru dips into the technology of Single Sign-on and finds it "just okay."

There is simple proof that there are too many passwords in life: one of the key new features of Internet Explorer was the ability to automatically remember all of these disparate passwords for you. The reality is that in nearly all the systems we use, security is hard coded into each application, so each one needs its own username and password. The new identity management tools that offer the panacea of "single sign on" would seem to be a lifesaver. The answer isn't so simplistic.

The fact is that single sign on does have a lot of very good aspects to it. User delight aside, the IT professional can get a lot of benefit from these tools. One of the key benefits that comes from single sign on is that the security staff in IT can now manage employee change of status much more simply and easily. If someone leaves the firm or is terminated, you can end access to all their applications and corporate systems in a single keystroke. Contrast that with today, where it takes many companies as long as three weeks after they're gone just to get someone off email! In some of the less well-managed systems, it can be months.

The second key aspect of single sign on is that it forces the IT security staff away from a "one at a time" approach to deciding which applications and what level of access each user will have, and toward treating them as classes. This creates a far more consistent environment, and one where fewer audit and regulatory issues will exist in the event something untoward occurs.

Finally, there are the very real cost savings that come from not having to reset so darn many passwords. One of the most useless wastes of time, money and attention is to reset a password because the user lost the yellow sticky note that was taped to their monitor bezel with all their passwords on it, or because they just don't use a particular application often enough to remember it. As the costs to reset passwords near $40 per instance, it soon adds up to real money.

Yet, the move to single sign on is not without its risks. In essence, you are reducing the complexity of getting into systems because one username and password does it all. Losing this key information for an administrator can be a huge security breach. That means that going this way requires better systems for managing sign ons. This isn't something you want to do with a password-protected spreadsheet. Also, you may want to consider multiple authentication to go with single sign on to add a layer of security.

So is this a panacea? Well, not totally, but single sign on actually comes reasonably close. The user benefits are actually quite compelling, and there is even a cost-saving and, in many cases, a regulatory aspect that can be improved. It does require more thought and more complete and well-managed systems, but the reality is that given the explosion in the number of applications we are all using, it has to happen. Otherwise, we'll soon be adding headcount to the staff that resets all those lost passwords.
