Passwords are SSO last season

Passwords typically form the first, and sometimes only, barrier to access for organisations. But, as recent Skrill research highlights, passwords are a security risk. One in three people are forced to resort to writing them down, while another one in three forget them completely.

If managing banking, shopping and membership passwords is a modern day nightmare, the enforced password mechanisms in corporate systems designed to keep the organisation secure can produce a similar headache. Those requiring a certain number of letters/numbers and “special” characters are particularly problematic. They often do not comply with external provider’s mechanisms and this results in multiple complex passwords being created by an individual.

How are users supposed to remember such impersonal “words”? As it turns out, they don’t. Instead, they end up putting their organisation at risk by writing down or sharing with a colleague, Forgetting means they find themselves locked out of their corporate desktop, critical application, or third-party service provider, leading to a drain on IT helpdesk resources.

This issue of “access amnesia” has the potential to be further exacerbated as businesses increasingly look to cloud services such as Google Apps for email and document sharing. Google Apps, especially Gmail, are a popular option for organisations making their first foray into cloud-based services. While the cost advantages of this model are compelling, businesses do not want to create a whole new set of accounts for their employees in the cloud, or force their employees to remember more new, complex passwords.

Internet single sign-on (SSO) has been around for a while, but the increased need to access a wide variety of internal and externally hosted business applications means it has come into its own. It enables users to continue to use their own local accounts, logging into their computers as normal, but then seamlessly log into the cloud services. In this way, the user experiences a continuous link from the corporate system, such as their Windows login, into the cloud services, such as email.

The fact the passwords are encrypted and not sent out to, or stored in, the cloud reduces the security headache for the IT department and fortunately there are significant cost savings to this approach too. For example, SSO users are less likely to lose or forget their password, reducing the pressure on IT helpdesks.

As more and more businesses look to the cloud for service provisioning, SSO should sound the death knell for passwords as we know them, and increasingly become the must-have solution for secure and seamless access from both inside and outside a company’s boundaries.