Passwords are at the heart of most authentication mechanisms in use today. They are the keys that companies use to protect their most sensitive information from cyber criminals and malicious insiders alike.
The problem with simple password-based authentication is that it no longer serves the intended purpose as well as it used to. Even small companies now use multi-cloud systems and allow their employees to log in to them from various remote locations. The more passwords employees use, the more likely they are to reuse the same ones and resort to other bad practices, which is why password-related breaches are so common.
MFA vs. SSO
To go beyond simple password-based authentication, companies can implement multi-factor authentication (MFA) and single sign-on (SSO). In this article, we explain what these two different but complementary authentication methods are and why taking advantage of them is such a good idea.
What Is Multi-Factor Authentication (MFA)?
Multi-factor authentication, or MFA for short, is an authentication method that requires the user to provide at least two pieces of evidence in order to be granted access to a protected resource, such as a cloud service.
The pieces of evidence that can be used as authentication factors can be grouped into four categories:
- Something the user has: various physical authentication tokens
- Something the user knows: secret information like a password or a PIN (personal identification number)
- Something the user is: all kinds of biometric information, from fingerprints to retina scans
- Somewhere the user is: the user’s physical location obtained using GPS and other technologies
Most computer users today are personally familiar with multi-factor authentication because a growing number of websites enable it by default. Many banks, for example, don’t even allow their customers to access internet banking without setting up MFA first—and for a good reason.
According to Microsoft, MFA alone can block over 99.9 percent of account compromise attacks because it ensures that a weak, lost, or shared password isn’t enough to obtain access to a protected resource. At least one additional authentication factor is necessary, and stealing it is anything but easy.
Unfortunately, MFA isn’t without its drawbacks. Perhaps the biggest drawback is how inconvenient it can be for users to enter two or more authentication factors every time they log in.
What Is Single Sign-On (SSO)?
Single sign-on (SSO) is an authentication method that addresses the same problem as MFA (account compromise attacks) but from a different angle.
Instead of introducing additional layers of security, SSO makes it easier for users to follow password best practices by allowing them to log in with just one set of credentials to all of the enterprise applications they need for their daily tasks.
For example, Google uses SSO to let users sign in just one time to get access to all their Google Workspace enterprise cloud applications, such as Gmail, Google Drive, and Google Docs.
Unsurprisingly, employees love the productivity-boosting and frustration-reducing benefits of SSO, but cybersecurity experts like to criticize the authentication method for increasing the negative impact of credential leaks and misuse.
Businesses Can Combine MFA and SSO
When MFA and SSO are combined, their biggest downsides (the need to constantly enter multiple credentials and the increased negative impact of credential leaks and misuse) effectively cancel each other out.
There are many ways in which MFA and SSO can be combined. For example, employees can be required to enter their passwords together with their biometric information at the start of the day. From there, the company’s SSO solution can take over and continue granting access throughout the workday.
A change in an employee’s location, web browser fingerprint, or IP address can trigger additional verification using MFA as an extra security precaution.
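The combination described above, as an added example that is not part of the original article or of any vendor's product: a password plus second factor is required once to create the SSO session, the session is bound to the context seen at that moment (client network, browser fingerprint, coarse location), and a later request whose context differs is sent to step-up MFA instead of being served. The session lifetime, the /24 and /64 network grouping, and all IP addresses and fingerprint strings are constructed for the example.

```python
"""Step-up MFA policy for an SSO session (illustration, not production code).

Assumptions made for this example:
  * the SSO gateway can observe the client IP, a browser fingerprint hash and a
    coarse country code for every request;
  * a session is valid for at most one workday (MAX_SESSION_AGE_S);
  * addresses within the same IPv4 /24 or IPv6 /64 count as "the same network"
    so that ordinary DHCP churn does not trigger a challenge.
"""
from dataclasses import dataclass
import ipaddress
import time
from typing import List, Optional, Tuple

MAX_SESSION_AGE_S = 8 * 3600  # one workday; assumption for the example


@dataclass(frozen=True)
class Context:
    """Request context captured by the SSO gateway."""
    ip: str
    browser_fp: str   # e.g. hash of user agent + client hints (constructed value)
    country: str      # coarse geolocation of the client (constructed value)


@dataclass
class Session:
    user: str
    created_at: float
    mfa_verified_at: float
    bound_ctx: Context   # context that was present when MFA last succeeded


def same_network(ip_a: str, ip_b: str) -> bool:
    """True if both addresses fall in the same /24 (IPv4) or /64 (IPv6)."""
    a, b = ipaddress.ip_address(ip_a), ipaddress.ip_address(ip_b)
    if a.version != b.version:
        return False
    prefix = 24 if a.version == 4 else 64
    net_a = ipaddress.ip_network(f"{a}/{prefix}", strict=False)
    net_b = ipaddress.ip_network(f"{b}/{prefix}", strict=False)
    return net_a == net_b


def start_session(user: str, ctx: Context, mfa_ok: bool,
                  now: Optional[float] = None) -> Optional[Session]:
    """Create an SSO session only after the password *and* second factor succeed."""
    if not mfa_ok:
        return None  # no session: a password alone never unlocks SSO
    now = time.time() if now is None else now
    return Session(user=user, created_at=now, mfa_verified_at=now, bound_ctx=ctx)


def evaluate(session: Session, ctx: Context,
             now: Optional[float] = None) -> Tuple[str, List[str]]:
    """Decide 'allow', 'step_up' or 'deny' for a request and list the reasons.

    The reasons are what a defender would want in the audit log: which bound
    attribute changed, or that the session simply aged out.
    """
    now = time.time() if now is None else now
    if now - session.created_at > MAX_SESSION_AGE_S:
        return "deny", ["session_expired"]   # full re-authentication required
    bound = session.bound_ctx
    changed = []
    if ctx.country != bound.country:
        changed.append("country")
    if ctx.browser_fp != bound.browser_fp:
        changed.append("browser_fp")
    if not same_network(ctx.ip, bound.ip):
        changed.append("ip")
    if changed:
        return "step_up", changed
    return "allow", []


def complete_step_up(session: Session, ctx: Context, mfa_ok: bool,
                     now: Optional[float] = None) -> bool:
    """After a successful step-up challenge, rebind the session to the new context."""
    if not mfa_ok:
        return False  # session stays bound to the old context; request stays blocked
    now = time.time() if now is None else now
    session.mfa_verified_at = now
    session.bound_ctx = ctx
    return True


if __name__ == "__main__":
    t0 = 1_700_000_000.0
    office = Context("203.0.113.10", "fp-abc", "US")       # constructed values
    roaming = Context("198.51.100.5", "fp-abc", "DE")      # constructed values
    s = start_session("alice", office, mfa_ok=True, now=t0)
    print(evaluate(s, office, now=t0 + 60))                # ('allow', [])
    print(evaluate(s, roaming, now=t0 + 120))              # ('step_up', ['country', 'ip'])
    complete_step_up(s, roaming, mfa_ok=True, now=t0 + 130)
    print(evaluate(s, roaming, now=t0 + 140))              # ('allow', [])
```

The reasons list is deliberately returned alongside the decision: the same signal that triggers a step-up challenge is the one worth forwarding to the SIEM, since a burst of "country"/"ip" changes across many users is a useful indicator of session or credential misuse even when every challenge is passed.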
Conclusion
Traditional password-based authentication has reached its limits in the age of cloud computing and hybrid work arrangements. To prevent password-related data breaches, companies can take advantage of multi-factor authentication to add extra layers of protection. They can additionally combine MFA with single sign-on to make the authentication process more convenient.
To learn more about these increasingly popular authentication methods, get in touch with us at TechGen.