The recent Okta hack has caused many businesses to take another look at their authentication protocols. This incident is a good reminder that SSO is not enough—but there are simple ways to mitigate your risk.
Enterprise SSO provides multiple benefits for your organization. For example:
However, in recent years it’s become clear that SSO protocols are not a magic bullet. They have many limitations—and can’t reliably protect your employee credentials for all accounts by themselves.
Here are some aspects that admins need to consider:
From a security perspective, SSO also creates risks. If not managed properly, your SSO protocols can open doors for hackers. For instance, an employee’s leaked or compromised SSO credential provides an entry point to all the employee’s accounts. From there, an attacker can gain access to various sensitive business systems within your organization.
Cybercriminals evolve their techniques by adapting to new trends. Centralizing identity into a single system makes your SSO tool an attractive target for hackers. They only have to breach one vendor to get potential access to numerous customers and user accounts. The recent breach of Okta is an illustration of that risk.
This risk is not limited to your employees. Other insiders—contractors, interns, and business associates—who can access your critical systems are at risk, as are any third-party services plugged into your internal infrastructure. All those users and third-party systems are potential vectors. In the case of Okta, the breach reportedly came from a vendor providing customer support to Okta users.
SSO remains an effective authentication technique when paired with robust security. The best way to secure all your logins is by integrating SSO into a password manager. Password managers are a more universal solution that works with any online service or cloud and web application.
A password manager also provides additional security on the long tail of services that SSO cannot cover.
In addition to implementing a password manager, complement your SSO solution with robust two-factor authentication (2FA). 2FA significantly reduces your risk of stolen and leaked passwords.
A solution like Dashlane makes it easy to integrate and manage 2FA with capabilities such as:
When you implement a password manager, your adoption rate depends on having a user-friendly solution. This is important because a low adoption rate by employees will still leave your non-SSO logins highly exposed. When you’re considering a new solution, look for one that’s recognized for its consumer design and user-friendliness.
Also, look for additional features that can boost your security. Dashlane, for instance, offers password health scores and Dark Web Monitoring. Password health monitoring helps employees proactively improve their password hygiene, while enabling admins to monitor scores across the business and raise awareness about best practices. And with Dark Web Monitoring, employees receive immediate alerts when their credentials appear on the dark web so they quickly change passwords.
The market offers a wide variety of tools for securing your business. But securing credentials doesn’t have to be complicated—simple ways to mitigate SSO risks are just as effective when implemented properly.
For more insights about remote working, check out our new e-book, The Dashlane Guide to Hybrid Work.