In a previous blog on single sign-on, we looked at the advantages of single sign-on in today’s dispersed computing environment. Now, we’ll look at the role of primary authentication algorithms in single sign-on as well as review the limitations of single sign-on.
Single sign-on requires the use of centralized authentication servers that all applications and systems communicate with in order to determine that each user is permitted to use a given service. It combines the use of authentication servers with algorithms to enable users to enter their credentials just once. In addition, authentication servers provide security and non-repudiation; i.e., ensuring users are accurately identified.
In addition to passwords, the primary authentication algorithms used in single sign-on are private key encryption and Kerberos.
Kerberos works on the basis of tickets that allow computers communicating over a non-secure network to prove their identity in a secure manner. It provides mutual authentication; i.e., for communication to occur, each system must verify the other’s identity. Kerberos messages are protected against intrusions such as replay attacks and eavesdropping.
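A simplified model of the ticket check, replay protection and mutual authentication described above, added here as an example and not code from the original post or from any Kerberos implementation. It assumes HMAC as a stand-in for Kerberos encryption and derives the session key from the ticket instead of carrying it encrypted inside; all names (`kdc_issue`, `Service`, `SKEW`) are hypothetical.

```python
import hashlib, hmac, json, os

SKEW = 300  # assumed allowed clock skew in seconds (illustrative value)

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def kdc_issue(service_key, client, now, lifetime=3600):
    """Authentication server: return (ticket, session_key) for the client."""
    body = json.dumps({"client": client, "expires": now + lifetime,
                       "nonce": os.urandom(8).hex()}, sort_keys=True).encode()
    ticket = (body, mac(service_key, b"ticket" + body))
    # Only holders of service_key can recompute this, so an eavesdropper
    # who sees the ticket still cannot learn the session key.
    return ticket, mac(service_key, b"session" + body)

def client_request(client, session_key, ts):
    """Client: build a timestamped authenticator bound to the session key."""
    auth = json.dumps({"client": client, "ts": ts}).encode()
    return auth, mac(session_key, auth)

class Service:
    def __init__(self, key):
        self.key, self.seen = key, set()  # seen = replay cache (never pruned here)

    def accept(self, ticket, authenticator, now):
        body, tag = ticket
        if not hmac.compare_digest(tag, mac(self.key, b"ticket" + body)):
            raise ValueError("forged ticket")
        t = json.loads(body)
        if now > t["expires"]:
            raise ValueError("ticket expired")
        session_key = mac(self.key, b"session" + body)
        auth, auth_tag = authenticator
        if not hmac.compare_digest(auth_tag, mac(session_key, auth)):
            raise ValueError("bad authenticator")
        a = json.loads(auth)
        if a["client"] != t["client"] or abs(now - a["ts"]) > SKEW:
            raise ValueError("stale or mismatched authenticator")
        if (a["client"], a["ts"]) in self.seen:
            raise ValueError("replay detected")
        self.seen.add((a["client"], a["ts"]))
        # Mutual authentication: prove to the client that we hold the session key.
        return mac(session_key, b"reply" + str(a["ts"]).encode())

def client_verify_service(session_key, ts, reply):
    """Client: confirm the service's reply before trusting it."""
    return hmac.compare_digest(reply, mac(session_key, b"reply" + str(ts).encode()))
```

A captured request presented a second time is rejected by the replay cache, and one presented outside the skew window is rejected as stale, which is why time synchronization matters in a Kerberos deployment.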
Public key encryption requires two separate keys, one public and one private. The two keys are mathematically linked. One key locks (encrypts) the content the user wants to send, while the other unlocks (decrypts) the content.
As is true with any technology, single sign-on has potential limitations as well as benefits:
- Single point of failure—If a hacker gains access to a user’s login and password information, he or she has access to that person’s entire range of information and services. IT teams therefore have to provide additional layers of security within the network to protect information assets.
- Limited Accommodation—A single sign-on solution may not be compatible with all major operating system environments. In order to implement single sign-on in a multi-OS environment, IT teams might have to develop customized interfaces.
Despite the possible limitations, removing the headache of remembering multiple passwords can provide many benefits to an organization, as long as IT teams can successfully address the potential limitations. As one measure of the ROI of single sign-on, Montclair Advisors, a provider of SaaS advisory services, noted in a 2010 report that a cloud-based single sign-on implementation can provide a 74 percent cost savings over five years.
For all of you desiring more information about the benefits of single sign-on, we have prepared a new e-Book: Single Sign-On Relieves the Password Burden for Users and IT Teams Alike.
Readers, have you reaped the benefits of single sign-on? Please share your experiences in the comments below.