Single Sign-On for Dummies
Single sign-on is a buzzword, and it has been in the computer-based industries for a while now. But, what is the exact mechanism behind single sign-on? Why do we trust it so much?
There are a lot of questions around this topic, and this is completely understandable — anyone would have questions when their sensitive data is at stake. And, since we keep digitizing every possible piece of information, the problem of cyber security is looming over all of us.
Technical writers have their own security concerns — not all user manuals are meant to be read by any unauthorized person. So, let’s see for ourselves what’s so good about SSO.
Why Single Sign-On Appeared
Well, basically, single sign-on was born out of common sense: as the number of platforms that required a password grew, it became really hard to keep track of all the passwords. Using the same password repeatedly for a lot of services is considered a really bad practice (and rightfully so, since this approach multiplies the vulnerability of your data), but having, at first, dozens, and then hundreds of passwords to remember… this is pure nonsense.
Some people have a password-protected file that holds all their passwords. This seems neither safe nor convenient.
And, this is where SSO comes into play.
How Single Sign-On Works
So, in general, using SSO authentication means that you are using some third-party tool to authenticate everywhere. Well, not literally everywhere, but we will talk later about some security-related limitations your SSO provider can impose.
SSO providers, as a rule, are big and trustworthy companies like Google, Facebook, Microsoft, Salesforce. However, the market has been developing quickly, so, if you dive a bit deeper, you will see a lot of players less known to the general public, like Okta, OneLogin, Auth0 and more.
A single sign-on provider is the tool that will ‘vouch’ for you when you log in to a website or a service. This means that your password will be known only to your SSO provider, and you won’t have to give any credentials to a service directly.
A good example of how single sign-on works is Google. You are, most likely, already using your Google account to log in to more than just Google-related apps.
But how safe is this whole process? What information exactly is being passed from an SSO provider to a service? We can say right away that single sign-on is considered a safe and convenient approach to authentication by the majority of IT professionals, technical communicators included. But let’s get into the nitty-gritty.
How Safe Single Sign-On Is
At first, the idea of an SSO provider sharing your personal information with any service you choose to log in to feels uncomfortable. What if the service turns out to be some kind of a scam? You wouldn’t want to expose your online documentation portal to the danger of being hacked just because, at some point in time, you felt too lazy to come up with one more password. In reality though, your single sign-on provider doesn’t share a lot with services: it gives away only a limited piece of information about you.
However, there are cases when your SSO tool can not only identify you to a service, but also give it permission to act on your behalf, as Twitter does, for example, when it allows other services to post tweets in your account.
Trustworthy single sign-on providers will always notify you about the amount of information they are going to disclose to a service. Besides, there might be services your SSO provider simply won’t trust.
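To make the ‘vouching’ concrete, here is an added example (not from the original article or from any particular provider) of a provider issuing a signed statement about a user and a service checking it. The article names no protocol, so the JWT-style token format, the shared-key HS256 signature (real providers commonly use public-key signatures instead) and all names and values below are assumptions.

```python
import base64, hashlib, hmac, json, time

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(key: bytes, signing_input: str) -> bytes:
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return _b64(mac).encode()

def issue_assertion(key, issuer, audience, subject, email, now, ttl=300):
    """Provider side: called only after the user has logged in at the provider."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    # Only these limited claims leave the provider; the password never does.
    claims = {"iss": issuer, "aud": audience, "sub": subject,
              "email": email, "iat": now, "exp": now + ttl}
    body = _b64(json.dumps(claims).encode())
    return f"{header}.{body}.{_sign(key, header + '.' + body).decode()}"

def verify_assertion(token, key, issuer, audience, now):
    """Service side: return the claims, or raise ValueError if not trustworthy."""
    header, body, sig = token.split(".")          # wrong shape -> ValueError
    # Check the signature before trusting anything inside the token.
    if not hmac.compare_digest(sig.encode(), _sign(key, f"{header}.{body}")):
        raise ValueError("signature mismatch: not issued by our provider")
    if json.loads(_unb64(header)).get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    claims = json.loads(_unb64(body))
    if claims.get("iss") != issuer:
        raise ValueError("unknown issuer")
    if claims.get("aud") != audience:             # token minted for another service
        raise ValueError("assertion was issued for a different service")
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("assertion expired")
    return claims

if __name__ == "__main__":
    KEY = b"constructed-demo-secret"              # constructed sample value
    now = int(time.time())
    token = issue_assertion(KEY, "https://idp.example", "docs-portal",
                            "user-123", "alice@example.com", now)
    print(verify_assertion(token, KEY, "https://idp.example", "docs-portal", now))
```

The audience check is what stops one service from replaying a token it received to log in as you at another service.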
Okay, that’s what we have on the SSO side. But can you make this whole process safer yourself? Sure you can.
There are a couple of obvious ways to make SSO more secure:
- Create a strong password with at least eight characters. It should consist of upper- and lowercase letters, digits and symbols.
- Use multi-step verification: push messages, phone calls, SMS messages, fingerprint scans, USB keys, etc.
As good as it sounds, some pitfalls still exist, of course. You can lose or forget your password, or the SSO service can be down, leaving you unable to log in anywhere. Well, life is tough, did no one mention this to you? :) Jokes aside, if we weigh up risks and benefits, we can see that using SSO is totally worth it.
Single sign-on is a technology that emerged at just the right time, and it is making the web more secure and easier to use at the same time.
The times when you had to memorize dozens and dozens of passwords are coming to a close. Nowadays, if you want to log in to, for example, your ClickHelp portal, you can do so by simply choosing to authenticate with your single sign-on provider, as simple as that!
Good luck with your technical writing!
Originally published at https://clickhelp.com.