Single sign-on seems to be one of the holy grails of enterprises today. But a lot of companies rush in without reading the fine print. This is something that I have seen firsthand in several corporations, and now RSA Security has released research to back this up. Granted, RSA has an SSO of their own, but a lot of companies buy solutions for ease without asking the right questions. This is best illustrated by purchases that do not encrypt passwords well, if at all.
However, RSA raised concerns that only 11 per cent of organisations using enterprise single sign-on combine the system with strong authentication. “Password resets continue to demand considerable IT resources which are purely a cost centre for UK businesses,” said Tim Pickard, a spokesman at RSA. “However, businesses also need to be mindful of the security implications.”
On a tangent to this, I have seen network monitoring software such as Halcyon that’s not centrally managed and where the agent username and password are in CLEAR text. In this day and age, is there any excuse for this behaviour?