Password Security Using SSO, 2FA and Biometrics
We’ve been receiving a lot of emails and notifications from different services and apps that SSO (single sign-on) is now available. SSO definitely makes things easier, but at what cost?
Single sign-on creates one authoritative account to connect multiple systems. Having only one account means remembering only one password, resetting only one password when it’s inevitably forgotten, and if an employee is terminated there is only one account to disable. Oh the things we can do with our extra free time…
Since there’s only one password to remember with SSO, it can reduce the risk of poor password habits, as it encourages users to create one unique, really strong password. But, if you’re as paranoid as we hope you are, you may be questioning the risk of SSO. And, yes, if a single sign-on account is breached, all the systems connected to that account are breached. Cue two-factor authentication.
Two-factor authentication (2FA) is an additional layer of security, as it provides a second challenge during the sign-in process. It uses the concept of something you know (your password) and something you have (your phone). And while it can be considered an annoyance, it’s a good practice to use. Commonly, the second factor is an SMS text message, but that can be dangerous too. Cybercriminals can intercept the text messages before they’re delivered to your phone, so you’d never know someone was trying to hack your account. We live in a scary world, folks. Cue authentication apps…
Authentication apps provide even more security, and we recommend using them in conjunction with SSO whenever possible. Authy, LastPass and Google Authenticator are popular choices. Traditional 2FA relies on SMS messages, but authentication apps are more secure because the app on the phone generates a new one-time password or PIN for each login, so there is no message in transit to intercept. Cybercriminals haven’t figured out how to intercept those (yet—we’ll keep you posted).
Biometrics are another popular security choice. Laptops and phones increasingly offer fingerprint scanners or facial recognition to unlock devices and log in to apps. While these protections help guard against targeted thefts, they don’t protect against phishing attacks, so stay paranoid!