It’s really annoying when you have to type passwords numerous times. Sure, you could use a password manager, but many of us don’t trust password managers even for less important passwords. After all, if a password manager gets hacked, all your passwords are exposed, and this could lead to hell. Even more, I guess many users aren’t even aware password managers exist. There is no way other than entering your credentials millions of times a day? Not quite – sometimes SSO could be an option to make your life easier as far as passwords are concerned.
What is SSO?
Put simply, SSO is a technology that allows you to log in once and gain access to a connected system of sites/networks, without the need to provide credentials for each of them. You should have seen the “Sign in with Facebook” button on some sites. With your Facebook login you can now create an account or log in to many sites without having to set up different usernames and passwords for each of these sites. This is one example of SSO.
Similarly, when you log in to Gmail and then go to another Google service, you don’t have to log in again. This works, too, when you choose to “Login with Google” on sitea that implement SSO with Google. You can check out the SSO definition in Wikipedia if you want to know more about it.
Advantage of SSO – Convenience
Since you don’t have to remember multiple passwords, this improves the user experience and productivity! Even if SSO had no other advantages, this alone is more than enough.
Disadvantage of SSO – A single failing point
The problem with SSO is that you are only using one set of login credentials with many sites. If your password gets compromised, multiple sites/systems are affected. This password becomes a single high-value target, and quite naturally hackers will put more effort into hacking it. Protecting your SSO credential has now become more important than before.
Should I Use SSO or Not?
Nobody can answer this question for you! Now, after you know the advantages and disadvantages of SSO, you can decide for yourself. SSO isn’t a security risk by default. Not protecting your login details is. Sometimes you are forced to use SSO even if you don’t like it. Some sites offer only SSO login with no other alternatives of registering an account. A good site will offer SSO (e.g. login with Facebook, G+, or any other third party) in addition to their own login mechanism. In this case you can choose. If they don’t offer this choice, your only alternative is to not use the site at all if you are not comfortable with SSO. Basically, you don’t use SSO even if it is offered as an option when you deal with sensitive data. There are many cases when SSO is totally out of the question. For highly sensitive data such as bank accounts, or anything else where security is of paramount importance, not to mention those cases when two-factor authentication is required (e.g. a password and a security token), don’t even think about SSO. On the other hand, if you are logging into a site for fun (e.g. a social network, a forum, or a news site) and you don’t keep sensitive data there, you might consider SSO. Even if your password gets compromised, this usually doesn’t result in any real damage. It might be unpleasant to have your Facebook account hacked, but it’s nothing compared to a hacked bank account or a nuclear system!