+4 votes
62 views
in security by (242k points)
reopened
single sign-on: what is it?

1 Answer

+5 votes
by (1.6m points)
 
Best answer


The wild growth of passwords is slowly becoming unbearable. The solution: single sign-on. But what is it actually?


Anyone who spends a lot of time on the Internet knows the problem: dozens of websites, forums and shops require log-ins, which mostly consist of a username and password. And then there are the passwords for the computer, the router, cloud accounts and many other services. In short: Password chaos is inevitable with intensive network and service use. But there is a solution: the so-called single sign-on (SSO).

Single sign-on makes a lot of things easier

The single sign-on makes it possible to access a whole range of services with just one login. For example, there is the option of being able to access all network drives and servers directly by logging on to a work computer. This technology is also available for the Internet, which is offered by Twitter, Facebook and Google (“Register with Google”), for example, and which makes registration superfluous after a user account has been linked to the respective service. By the way: Apple now also allows this technology in the TV app and Apple TV. The access data from services such as Netflix, Amazon Prime or other streaming providers are stored in the app. Once logged in to the TV app, you can also access the other services. In the future, Apple will also offer a log-in service in the style of Google and Facebook, with the difference that this completely dispenses with tracking.

Single sign-on: this is how it works

In order for something like this to work, the single sign-on technology uses a trick: either the access data is stored centrally somewhere, for example in a cloud, or rights must be assigned to the respective service via a third-party tool, as is the case with "Log in with Google". The user then receives a so-called token, a unique access key that is set for each end device. In the web browser, this is usually assigned in the form of a cookie; on PCs, Macs and mobile devices, third-party solutions such as NetID or ID4me are used. There is also the option of storing keys on USB sticks or connecting the SSO to the presence of a Bluetooth smartphone. Important for all services: unlike a password manager, for example, the target software must support the login method, i.e. a website or app must also offer the single sign-on service so that it can be used. Since new providers are constantly appearing on the market, a solution for all services is desirable - but unfortunately not available at the moment.

These are the advantages of single sign-on

Nonetheless, single sign-on has enormous advantages over logging in with a username and password. It starts with the fact that only one user name and password combination has to be maintained, which in many cases enables a secure password for the single sign-on service. Despite all reminders, even experienced users often repeat their username-password combination or vary the password only minimally, for example according to the scheme “Password1”, “Password2”, “Password3” and so on. This of course offers many points of attack for phishers and other online villains who can guess the password variants quite easily and thus take over accounts. This problem is unnecessary with single sign-on: The user can concentrate on a secure password that (at least in theory) enables access for all services.

Password security is the be-all and end-all

This is exactly what creates a major problem with single sign-on: If the password is badly chosen and the service does not offer any additional security networks - such as two-factor authentication - the gain in security is reversed. Attackers only need to tap into one username and password combination in order to then have access to all accounts of a user. That is why many SSO procedures offer a time lock in addition to the computer-based token: If the PC or service is not used for a while, it is automatically logged off. Another problem is the availability of the SSO service itself: If this is not reliably available, the user has no way of accessing his accounts. The token itself is also a potential point of attack, to which the administrators and users may have to pay close attention. In addition, with the single sign-on, the question of a central single sign-out automatically arises: when you log out of the computer, for example, the connections to the services must also be automatically cut.

Single Sign-On: How do I use it?

Overall, however, with single sign-on, the advantages outweigh the disadvantages. However, users should make sure to choose a service that meets the necessary requirements for security and data protection. In case of doubt, Facebook and Google are not the ideal candidates here, but these services can also be significantly better protected against attacks by optimizing security - such as two-factor authentication. What is important about all single sign-on solutions is broad support, which unfortunately only a few services are currently able to provide. It is therefore to be hoped that in the future large players such as Microsoft and Apple will provide a remedy with solutions that are easy to use and less problematic in terms of data protection.
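The per-device token, the time lock and the central single sign-out described in the answer can be sketched in a few lines. This is an added example, not part of the original answer or any real SSO product: the `SsoProvider` class, its method names and the 15-minute idle timeout are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

IDLE_TIMEOUT = 15 * 60  # seconds; assumed value for the "time lock"


class SsoProvider:
    """Hypothetical central SSO service: one login, one token per device."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT, clock=time.time):
        self._key = secrets.token_bytes(32)  # signing key never leaves the provider
        self._sessions = {}                  # session id -> user, device, last_seen
        self._idle_timeout = idle_timeout
        self._clock = clock

    def _sign(self, sid):
        return hmac.new(self._key, sid.encode(), hashlib.sha256).hexdigest()

    def login(self, user, device):
        """Call only after the password (and second factor) check succeeded."""
        sid = secrets.token_urlsafe(16)
        self._sessions[sid] = {"user": user, "device": device,
                               "last_seen": self._clock()}
        return f"{sid}.{self._sign(sid)}"    # in a browser this would be the cookie

    def validate(self, token, device):
        """Services call this with the presented token; returns the user or None."""
        sid, _, mac = token.partition(".")
        if not hmac.compare_digest(mac.encode(), self._sign(sid).encode()):
            return None                      # forged or tampered token
        session = self._sessions.get(sid)
        if session is None or session["device"] != device:
            return None                      # signed out, or replayed on another device
        now = self._clock()
        if now - session["last_seen"] > self._idle_timeout:
            del self._sessions[sid]          # time lock: idle session is logged off
            return None
        session["last_seen"] = now
        return session["user"]

    def logout_everywhere(self, user):
        """Single sign-out: drop every session of the user on all devices."""
        stale = [sid for sid, s in self._sessions.items() if s["user"] == user]
        for sid in stale:
            del self._sessions[sid]
        return len(stale)
```

Because every service asks the provider on each request, a sign-out or an expired time lock takes effect for all connected services at once, which is also why the provider's availability matters so much.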

