{"id":199,"date":"2020-02-24T09:01:44","date_gmt":"2020-02-24T09:01:44","guid":{"rendered":"https:\/\/www.itminister.co.uk\/blog\/?p=199"},"modified":"2020-02-24T09:01:44","modified_gmt":"2020-02-24T09:01:44","slug":"multi-factor-authentication-and-single-sign-on-explained-requestinformation","status":"publish","type":"post","link":"https:\/\/www.itminister.co.uk\/blog\/multi-factor-authentication-and-single-sign-on-explained-requestinformation\/","title":{"rendered":"Multi-Factor Authentication and Single Sign-On Explained RequestInformation"},"content":{"rendered":"\n<p>The simple combination of a user ID and password is no longer good \nenough to protect our most vulnerable information. Identity theft, data \nbreaches, malware, and malicious actors mean that digital security must \nevolve to stay one step ahead of security threats.<\/p>\n\n\n\n<p>Strong, reliable security in a modern government, non-profit, SMB, or\n enterprise environment isn\u2019t just important today; it&#8217;s mandatory.<\/p>\n\n\n\n<p>The best security must take into account the needs of the  organization and the employee, balancing protection, encryption, and  ease-of-use.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What is multi-factor authentication?<\/h2>\n\n\n\n<p>MFA uses several different factors to verify a person\u2019s identity and \ngrant access to various software, systems, and data. 
Typically, MFA \nsystems use two or more of the following tools to authenticate \nindividuals:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>What you know:<\/strong> a password, personal identification number, or recovery questions<\/li><li><strong>What you have:<\/strong> a smartcard, FIDO token, one-time password (OTP), Bluetooth device, Apple Watch, or some other authenticator<\/li><li><strong>Who you are:<\/strong> a biometric authenticator, such as a fingerprint or face recognition<\/li><li><strong>What you do and where you are:<\/strong> location-based \nauthentication using GPS, IP address, or Integrated Windows \nAuthentication (IWA), and how you type (keystroke biometrics)<\/li><\/ul>\n\n\n\n<p>The advantage of multi-factor authentication is that, in most \ncases, it\u2019s very secure. The combination of a password, physical token, \nand biometric can significantly reduce the risk of data and software \nbreaches.<\/p>\n\n\n\n<p>However, while MFA has some advantages in securing user logons, it also has the reputation \u2013 sometimes well earned \u2013 of being a bit difficult to manage. Users need to be provisioned with the second factor (the first they memorize). For some end users, even setting up a mobile phone to receive a one-time password via text message can be an imposition. Still, MFA is a safe way for most organizations to lock down their networks and applications against unauthorized access.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What is single sign-on?<\/h2>\n\n\n\n<p>The concept behind single sign-on is very straightforward\u2014users carry\n out a master sign-on to authenticate themselves at the beginning of \ntheir work period. Then, whenever they need to log in to another piece of\n software, the SSO solution logs in on their behalf. 
The SSO solution \ninternally stores the various credentials for every piece of software \nusers need to access and then validates the users with those systems \nwhen they need to be accessed.<\/p>\n\n\n\n<p><strong>The advantages of single sign-on include:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Users only have to remember one password at all times. Although \nthey may be required to enter credentials for other systems \noccasionally, there\u2019s significantly less effort needed.<\/li><li>Extra security, such as biometric authentication, can be added to \nthe initial single sign-on or accessed via a USB token, soft token or \nsimilar encryption device. MFA comes into play here.<\/li><li>SSO is quick and convenient for the end user. It saves time because \nthey no longer have to log in to many different applications.<\/li><li>Access risks are reduced in some instances. For example, \ncredentials for third-party applications could be stored internally \nrather than on external systems.<\/li><li>There are fewer calls to the service desk for password resets, reducing IT support resource needs.<\/li><\/ul>\n\n\n\n<p><strong>Disadvantages of single sign-on:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>If a hacker, malicious actor, or malware gets SSO access, every system accessed through SSO is compromised.<\/li><li>SSO must be deployed with strong encryption and authentication methods to prevent this from happening.<\/li><li>Loss of availability of the SSO system means a user will not be able to access any other systems, making SSO a single point of failure.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">The best of both worlds\u2014combining SSO and MFA<\/h2>\n\n\n\n<p>MFA and SSO approach the issue of security and authentication from different angles.<\/p>\n\n\n\n<p>SSO is more convenient for users but has higher inherent security \nrisks. MFA is more secure but less convenient. 
Can the two \nbe combined to provide a solution that is both convenient and \nsecure?<\/p>\n\n\n\n<p>That\u2019s the way the security and encryption industry is moving. Again,\n it\u2019s about the evolution of security. Some of the new approaches being \ntested and used include:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Requiring secure MFA sign-on at the start of the day, similar to an SSO solution.<\/li><li>Granting continued access to authenticated users throughout their workday.<\/li><li>Requiring additional verification using MFA based on specific criteria, including:<ul><li>Access to the most sensitive systems.<\/li><li>Changes in user behavior as detected by software.<\/li><li>Using criteria such as location, role, seniority, and the like to determine when new authentication is needed.<\/li><li>Using algorithms to smartly request additional credentials in certain use cases.<\/li><\/ul><\/li><\/ul>\n\n\n\n<p>The convenience of SSO combined with the security of MFA gives businesses a stronger security posture and confidence. In addition, providing users with the efficiency and ease that MFA and SSO offer means fewer password resets and help desk calls. <a href=\"https:\/\/www.hidglobal.com\/blog\/multi-factor-authentication-and-single-sign-explained\">Source<\/a><\/p>\n\n\n\n<p>iTM covers all aspects of cybersecurity, from home cyber security managed solutions to automated, managed threat intelligence, forensic investigations and cyber security training. Our objective is to support organisations and consumers at every step of their cyber maturity journey.<a href=\"https:\/\/www.itminister.co.uk\/contact.html\"> Contact Us<\/a> <\/p>\n","protected":false},"excerpt":{"rendered":"<p>The simple combination of a user ID and password is no longer good enough to protect our most vulnerable information. Identity theft, data breaches, malware, and malicious actors mean that digital security must evolve to stay one step ahead of security threats. 
Strong, reliable security in a modern government, non-profit, SMB, or enterprise environment isn\u2019t &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/www.itminister.co.uk\/blog\/multi-factor-authentication-and-single-sign-on-explained-requestinformation\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Multi-Factor Authentication and Single Sign-On Explained RequestInformation&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","beyondwords_generate_audio":"","beyondwords_integration_method":"","beyondwords_project_id":"","beyondwords_content_id":"","beyondwords_preview_token":"","beyondwords_player_content":"","beyondwords_player_style":"","beyondwords_language_code":"","beyondwords_language_id":"","beyondwords_title_voice_id":"","beyondwords_body_voice_id":"","beyondwords_summary_voice_id":"","beyondwords_error_message":"","beyondwords_disabled":"","beyondwords_delete_content":"","beyondwords_podcast_id":"","beyondwords_hash":"","publish_post_to_speechkit":"","speechkit_hash":"","speechkit_generate_audio":"","speechkit_project_id":"","speechkit_podcast_id":"","speechkit_error_message":"","speechkit_disabled":"","speechkit_access_key":"","speechkit_error":"","speechkit_info":"","speechkit_response":"","speechkit_retries":"","speechkit_status":"","speechkit_updated_at":"","_speechkit_link":"","_speechkit_text":""},"categories":[22,21],"tags":[],"class_list":["post-199","post","type-post","status-publish","format-standard","hentry","category-multi-factor-authentication-mfa","category-single-sign-on-sso"],"_links":{"self":[{"href":"https:\/\/www.itminister.co.uk\/blog\/wp-json\/wp\/v2\/posts\/199","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.itminister.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.itminister.co.uk\/blog\/wp-json\/wp\
/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.itminister.co.uk\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.itminister.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=199"}],"version-history":[{"count":1,"href":"https:\/\/www.itminister.co.uk\/blog\/wp-json\/wp\/v2\/posts\/199\/revisions"}],"predecessor-version":[{"id":200,"href":"https:\/\/www.itminister.co.uk\/blog\/wp-json\/wp\/v2\/posts\/199\/revisions\/200"}],"wp:attachment":[{"href":"https:\/\/www.itminister.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=199"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.itminister.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=199"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.itminister.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=199"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}