What is your view on the single sign-on solution: is it secure or not? On one hand, it is based on SAML (Security Assertion Markup Language), which is itself XML-based, but on the other hand, a single breach is enough to hand access to all private accounts to the wrong people.
The single sign-on method is a magical solution through which a user can get access to multiple websites of the same business using one set of credentials.
That means all the accounts are secured with a single password. From the user's point of view, it is very convenient to manage and remember one set of credentials. They save time on authentication, which improves productivity. Overall, the solution frees them from the burden of passwords, but all of this is achieved at the cost of security.
Several security issues come with the solution. From the security point of view, using the same password for all resources is dangerous, and IT experts always suggest keeping different passwords for different accounts. The problem with a common password is that if someone succeeds in obtaining the password, he can access all the other related resources.
Another problem with having the same password is that if the user forgets his password, he can't access the remaining services until he contacts the support team and requests a new password.
The single sign-on solution is based on the same concept: a single password and multiple websites.
So, conceptually, the SSO solution is not secure. But there are several ways in which it can be made secure and the risk minimized. Activating two-factor authentication with the SSO password is one of the most secure alternatives. In this, the user has to enter the credentials of the second factor along with the usual username and password.
The technique provides an extra security layer to the SSO solution. Getting the credentials of the second factor is impossible. Businesses can also use an application named ReAct, which helps them with the password reset and resynchronization process across all resources.
No doubt, having a single password is not a good choice, but with a 2FA solution, I am sure the resources are secure enough.
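As an added illustration that is not part of the original post, here is a toy SSO identity provider in Python (all names, users and secrets are constructed for the example) that issues the session the other sites trust only when the password and a TOTP second factor both verify, so a leaked password alone does not unlock every resource:

```python
import hashlib
import hmac
import secrets
import struct
import time

# Constructed demo data for a hypothetical identity provider (not a real product).
# The password is stored as a salted PBKDF2 hash; the TOTP secret is the second factor.
_SALT = b"demo-salt"
_ITER = 100_000
USERS = {
    "alice": {
        "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, _ITER),
        "totp_secret": b"12345678901234567890",  # RFC 6238 test-vector secret
    }
}
SERVICE_PROVIDERS = {"mail", "crm", "wiki"}  # the sites one SSO login unlocks
SESSIONS = {}  # token -> username; service providers consult this instead of passwords


def totp(secret: bytes, for_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1, 30-second steps) used as the second factor."""
    counter = struct.pack(">Q", for_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def sso_login(username: str, password: str, otp: str = "", now=None):
    """Return a session token only if BOTH factors verify, else None."""
    user = USERS.get(username)
    if user is None:
        return None
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, _ITER)
    pw_ok = hmac.compare_digest(candidate, user["pw_hash"])
    now = int(time.time()) if now is None else now
    # Accept the current step and one step either side to tolerate clock drift.
    otp_ok = any(hmac.compare_digest(totp(user["totp_secret"], now + d), otp)
                 for d in (-30, 0, 30))
    if not (pw_ok and otp_ok):  # both evaluated; a stolen password alone fails here
        return None
    token = secrets.token_hex(16)
    SESSIONS[token] = username
    return token


def access(token: str, service: str) -> bool:
    """A service provider grants access on the IdP session, not on its own password."""
    return service in SERVICE_PROVIDERS and token in SESSIONS
```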