What is Single Sign-On?

Single Sign-On allows employees or computer users to automatically gain access to a variety of online apps and services without having to remember multiple passwords. Effectively it acts as a technical go-between – meaning you only need to confirm you are who you say you are once. The alternative without Single Sign-On is to go through laborious password processes for every online tool each time you open it. 

Single Sign-On is good from a privacy perspective: with far fewer passwords to remember, employees are less likely to write them down on paper or store them on their computer. It's also good for efficiency. Every time an employee forgets a password, they are locked out of the systems they need and remain unproductive until the busy IT team has solved the issue.

Multi-Factor Authentication

While Single Sign-On reduces the issues of managing multiple passwords, it also opens up the possibility that someone with bad intentions could gain access to far more data than they would have otherwise (if each application had a different password). For this reason, it's a good idea to add another security layer in the form of Multi-Factor Authentication (MFA). This might be a code sent to a verified user by text message, and it ensures that even if a Single Sign-On password is compromised, a cyber attacker still cannot gain access with the password alone.

What does the National Cyber Security Centre (NCSC) say?

The NCSC is actively working to reduce organisations' reliance on employees having to remember lots of complex passwords. It advises that organisations should adopt a holistic approach to security by combining robust, best-practice security processes with additional technological defences. As part of this, it recommends using Single Sign-On systems in partnership with Multi-Factor Authentication.

How can the Privacy Compliance Hub help?

Existing hub users can access advice about the benefits of Single Sign-On and how to implement it in their organisation. Simply get in touch with your usual contact (or email support@privacycompliancehub.com) and we will send you everything your technical team needs to know to get Single Sign-On up and running. Our support team is also available to provide any additional help that your technical team requires.

Anything else?

The NCSC has a useful page with wider password guidance. The section on how passwords are discovered, including via ‘shoulder surfers’, social engineering and theft, is particularly interesting. See it here.