SSO, short for Single Sign On.  You've probably used it and not even realized it. 

So what is it?  Is it a good idea?

Welcome to the fourth and final episode in our Bad Passwords series. (See Part 1 , Part 2, and Part 3) There's only one more major player in the authentication game to talk about, and that is Single Sign On (SSO).

Basically, SSO allows you to sign in once, and use several different software tools.  For example, logging into your Microsoft account, and being able to open Outlook and Word and Excel without having to log in again?  That is SSO in action.

How does it work?

Well...  there are a few different frameworks, and they use agents and tokens and policy servers... you know, for most people's purposes, it's neither interesting nor important.  The better question is:

Is it a good idea?

In some cases, like with Microsoft 365, or Google apps, or Adobe Creative Suite, it is a moot point; if you want to use the software, you do things their way.  That said, just like most things there are pros and cons, but in a nutshell:  SSO is a powerful tool that can increase online security and make using apps a lot more user friendly.   

The Pros:

• SSO works really well in organizational situations where an IT team is managing a suite of approved applications.  Fewer passwords means fewer lost passwords for IT to fix, and if an employee leaves, changing one login will completely lock them out of the system.
• SSO makes things easier for end users, both in not having to constantly keep logging in, and in having fewer passwords to remember.
• It lessens the chances of phishing, and fewer passwords mean fewer hackable access points.

The Cons:

• SSO really needs to be paired with MFA (Multi-Factor Authorization) to make sure the login is legitimate, because:
• If the login does get cracked or hacked, the intruder has the proverbial "keys to the castle."
• Be especially careful using SSO provided by social networks, such as Facebook, for third-party applications, they can be less secure.

So where does that leave us?  Mostly, just being aware that SSO exists, and when you are using it, being thoughtful about when and how you log in and log out.  SSO or not, use good password practices and make good decisions :) 

Any questions about good password practices?  Revisit Part 1 , Part 2, and Part 3 in our Bad Passwords series.

Thanks for reading!