Wednesday, November 17, 2021

SSO and MFA authentication

There was a time when we used a simple combination of a user name and password to protect our most vulnerable information and accounts. But hackers are always one step ahead: they use phishing, identity theft, data breaches, and malware attacks to compromise systems at any time, anywhere around the globe.

Nowadays, many new technologies have been introduced to provide an additional layer of protection for our confidential and personal information on the web.

SSO

Single sign-on (SSO) is a login technique or security solution in which users have one set of credentials (username and password) to access multiple applications at a single time. The main benefit of SSO is its efficient, centralized approach. Users can access multiple services without pausing to enter new credentials or having to remember multiple complex usernames and passwords.

The SSO solution internally stores the credentials for every piece of software users need to access and then validates the users with those systems when they need to be accessed. This can improve user experience when used externally and boost workflow when used internally. It utilizes industry standards like Kerberos, X.509 or SAML 2.0 and replaces the passwords with security tokens.

The advantage of SSO is that users only need to remember one password for login at all times.

However, there is one key risk in adopting this technology: if a hacker or malicious actor compromises your one account, they will be able to take control of the other associated accounts or applications. Loss of availability of the SSO application also means a user will not be able to access any other applications, making it a single point of failure.

MFA

Multi-factor authentication (MFA) uses several different factors to verify a person's identity and grant access to software, systems, and data. Generally, MFA systems authenticate individuals with two or more techniques drawn from these concepts: what you know, what you have, who you are, and what you do.

We are aware that many applications now use MFA; Google, for example, uses 2FA and MFA to secure its products. The advantage of multi-factor authentication is that, in most cases, it's very secure. The combination of a password, physical token, and biometric can significantly reduce the risk of security breaches.

When implementing MFA, organizations typically choose two of the concepts described above. So, a user might need to enter a password and a Short Message Service (SMS) code. The system might require MFA with every login or only when users log in on a new device.
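
The policy choice in the paragraph above (MFA on every login versus only on a new device), sketched as an added example that is not part of the original post. The method names, the method-to-category mapping and the device identifiers are assumptions made up for illustration; a real deployment would use a server-issued device identifier rather than one the client asserts.

```python
from dataclasses import dataclass, field

# Factor categories from the post; which method maps to which is an assumption.
FACTOR_CATEGORY = {
    "password": "know", "pin": "know",
    "sms_code": "have", "hardware_token": "have",
    "fingerprint": "are",
}

@dataclass
class MfaPolicy:
    mode: str = "new_device"      # "always" or "new_device"
    required_categories: int = 2  # "two of the concepts"
    known_devices: dict = field(default_factory=dict)  # user -> {device ids}

    def categories(self, verified_methods):
        """Distinct factor categories among already-verified methods."""
        return {FACTOR_CATEGORY[m] for m in verified_methods if m in FACTOR_CATEGORY}

    def mfa_required(self, user, device_id):
        if self.mode == "always":
            return True
        return device_id not in self.known_devices.get(user, set())

    def evaluate(self, user, device_id, verified_methods):
        """Return 'deny', 'step_up' or 'allow' for one login attempt."""
        cats = self.categories(verified_methods)
        if not cats:
            return "deny"
        full_mfa = len(cats) >= self.required_categories
        if self.mfa_required(user, device_id) and not full_mfa:
            return "step_up"  # ask for a factor from another category
        if full_mfa:
            # Only a completed MFA login may enrol a device as trusted.
            self.known_devices.setdefault(user, set()).add(device_id)
        return "allow"

def demo():
    # Constructed login attempts for one user.
    policy = MfaPolicy(mode="new_device")
    return [
        policy.evaluate("alice", "laptop-1", ["password"]),              # new device
        policy.evaluate("alice", "laptop-1", ["password", "pin"]),       # same category twice
        policy.evaluate("alice", "laptop-1", ["password", "sms_code"]),  # two categories
        policy.evaluate("alice", "laptop-1", ["password"]),              # device now known
        policy.evaluate("alice", "phone-2", ["password"]),               # another new device
    ]
```

A password plus a PIN still triggers a step-up because both are "what you know", and a device only becomes trusted after a login that completed MFA.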

In organizations, when using different applications under SAP systems, such as the Employee Self Service Portal, you need to log in through SSO + MFA in your Active Directory, but you also need to connect through the firm-provided VPN to keep your system more secure.

So, we can use both technologies together in one place to strengthen our security perimeter, which further improves both user experience and security.

Do you have any further suggestions? Please do comment!

-DR
