Passwords Are Not Dead: The Increasing Need for SSO
As part of Solutions Review’s Premium Content Series—a collection of contributed columns written by industry experts in maturing software categories—Nelson Cicchitto, President and CEO of Avatier Corporation, shares some expert insights on Single Sign-On (SSO) solutions worth knowing in 2022.
Experts have been proclaiming the death of the password for some time. New authentication technologies such as biometrics, security keys, and token encryption have been touted as making passwords obsolete. Yet, we still use passwords to access everything from personal finances to social media accounts.
IT managers have wrestled with password security to protect digital enterprise assets. To maintain enterprise security, CSOs need to implement password security protocols such as two-factor authentication, password encryption, regularly changing user passwords, and more. The more layers of password security, the more administrative overhead. That’s why Single Sign-On (SSO) will be with us for some time to come.
Passwords are Prevalent and Persistent
The use of passwords continues to rise at a fast pace. For example, there are now more than 4.66 billion internet users, more than 59.5% of the world’s population. That means more than 300 billion passwords need to be protected, up from 80 billion in 2017. The average user has to keep track of more than 100 passwords.
Password use is especially prevalent in the workplace. Research by the Ponemon Institute shows that more than 50% of employees rely on their memory to save passwords. Sixty-five percent of those employees use the same password for multiple office applications. Of those who use various passwords, 26% say they save passwords on a spreadsheet, and 26% write down passwords in a notebook or using sticky notes.
Since workers aren’t good at managing password security, it’s up to IT to handle password authentication and safety, and that’s becoming increasingly expensive. Gartner estimates that between 25% and 50% of help desk calls are related to passwords and take 2 to 30 minutes to resolve. With the average cost of a help desk call at $70, fees for resetting passwords can add up quickly. A Widmeyer survey estimates that employee-related password issues cost businesses an average of $200,000 per year.
Despite the risk and expense, companies continue to use passwords for authentication because they are easy to implement and cost-effective. That’s why enterprise security managers need a more straightforward strategy to manage password security. Users will continue to use a single password for everything or use their birthday or their mother’s maiden name for authentication, which leaves companies wide open to hackers. Since you can’t change user behavior, you must impose better password security, but it also must be easy for employees to use, or they will find a workaround. That’s why SSO is appealing. It creates that added layer of security while making it easier to access password-protected digital assets.
Why Companies Need SSO
Passwords continue to be the weak link in corporate data security, especially since attacks targeting remote workers skyrocketed with the pandemic. Ninety-four percent of companies reported a cyber-attack in 2020. There was a 128% increase in malware in Q3 2020 and a 29% increase in botnet traffic. Experts estimate that 90% of data breaches result from human error. This problem is exacerbated by employees working from home. Only 34% of remote workers follow security guidelines, while 27% ignore or work around cybersecurity policies, and 36% delay updating their devices. Security leaders estimate that only 56% of their employees take adequate steps to protect corporate digital assets.
SSO gives users a single set of login credentials to access SaaS applications and websites, and access is protected using data encryption. There is no need to use multiple passwords or create new passwords. SSO simplifies user access to data they need and simplifies identity management for the IT department.
The Benefits of SSO
Deploying the right SSO solution not only gives remote workers secure enterprise access but yields administrative benefits as well. For example, SSO makes managing user access to data resources easier. User passwords are automatically synchronized when any directory passwords are changed. That means IT can leverage native directories to keep passwords current. Any time a user changes a password, that change is reflected in the corporate directory.
SSO also makes it easier to enforce corporate policies for compliance. The SSO system automatically captures approvals for access to cloud applications and services. That makes it easy to run reports for audit and governance, ensuring compliance with terms of use. An added advantage is that SSO reports can provide an accurate picture of SaaS license usage. SSO usage reveals how many seats or licenses are being used. Using the core directory to manage user access based on roles can save an average of 30% on unused SaaS license fees.
And, of course, there are the user benefits. Users can be logged in automatically. They don’t have to remember multiple passwords, whether they are logging in from a desktop, laptop, or mobile device. It also means fewer calls to the help desk when they forget their credentials. Since it’s estimated that one-third of workers enter 4,000 passwords a year, which takes about 24 work hours, it’s also an excellent productivity tool.
Passwords are here to stay, which means security executives need to adopt new strategies to secure employee passwords. The best approach with more employees working remotely is to consolidate password management with SSO. It provides better security and gives IT more control over remote data access while improving productivity and making employees’ lives easier.