Say you are on the Gmail login page and the web browser, as always, has auto-filled the username and passwords fields for you.
This is convenient because you can sign-in to your account with a click but because you have not been typing these saved passwords for a while now, you don’t even remember the Gmail password anymore.
All web browsers, for security reasons, mask the password fields in login forms behind asterisk characters thus making it impossible for passersby to see your secret string.
There’s however an easy workaround that will let you convert those asterisks into the actual password and you don’t need any external utilities or bookmarklets for this. Here’s how:
Single-Sign-On (SSO) is a user-authentication process, in which the user signs in to one screen name, and it makes multiple applications or websites unlocked or logged-in. Usually, the system will have conditional measures that will know what a certain user has access to, permissions, etc., and be able to provide the services. Now, the question brought to attention is, what are the advantages and disadvantages of single-sign-on?
- In the healthcare industry, it could be booming with single-sign-on. If a doctor were to need to sign-on to a database to access a patient’s files, he/she would also have to access x-rays, and other data that would be on a different application. Having a single-sign-on for all that would be life-saving and totally worth it. Not only that, but hours of saved time.
- Apps such as OneLogin provide easy-access to tons of accounts across the board, particularly social media. It says on their site that they are supporting “identity & access management for the cloud”.
- Could work wonders for those with disabilities. Having a disability may limit you from typing a lot of words at one time, or typing fast enough. If a single-sign-on system were in place, one login means much saved time.
- Reduces the chance of forgetting your password. By having your one-set master password, it will be a lifesaver to not have to remember a ton of passwords.
- Reduces IT help desk costs, by reducing the number of calls to the help desk about lost password.
- Newer technologies are being implemented to help detect the attempt to hack a certain system, in which it would lock out the hacker from the remaining systems. But, this has more studying to prove how good it works.
- Vulnerability problems, such as with authentication, privacy keys, etc.
- The lacking of a backup stronger authentication, such as smart cards or one-time password tokens.
- The SSO is a highly-critical tool to keep up always. If the SSO goes out, the user would lose access to all sites.
- It would be critical to have a good password, one that is very hard to crack. With the reduction of accounts, particularly the fact that SSO is in play, it’ll be easier to find and hack accounts. Once the SSO account is hacked, all others under that authentication are hacked as well.
- SSO is bad news for a multi-user computer, especially if the user stays logged in all the time. This is more prevalent of an issue in plant operations, business floors, etc. where multiple users can access the computer (if the original user left their desk).
Examples of current implementations
- Log-in with Facebook
- Log-in with Twitter
- Log-in with Linked-In or Apply with Linked-In
- ANGEL Learning Systems
And many more.
Worth reading: Building and implementing a SSO solution
Overall, the usage of SSO systems are good and bad. Based on your organization or personal life, it is your choice on whether to use it or not. Based on how potentially problematic it may be, you will have to be on your toes about a lot of it. But, I guess the time you save trying to figure out or remember your passwords, you can spend on staying guard for SSO systems.
If this has saved you money or your organization money, or potentially provides savings, please donate to further our cause.
Today, it has been discovered r00tbeersec making its return with the hack on Philips. As we reported yesterday, r00tbeersec is a new hacking group apparently wanting to make a grand entrance in to the hacking world. Plaintext passwords were revealed in the hack against Philips. First AMD…now Philips. For those who don’t know, Philips is a Dutch-based technology extraordinaire.
Anyway, Philips is the victim of a few small SQL database leaks. Maybe a few skiddie SQL hacks. In the databases that were leaked, phone numbers, passwords and hashes, and even addresses were leaked. These databases were storing plaintext passwords, which is known to be quite a vulnerability. Those passwords should be in encrypted databases, not in plaintext.
Of course, poorly chosen passwords were found, just like a poor database (unencrypted). All in all, their company was just waiting/asking to be attacked, per speculation. And of course, r00tbeersec wanted to show off their 200,000 spilled email addresses.
In case you’re wondering, password security is still a problem. Read more here.