Single sign-on passwords pose security threat
Companies are running a huge security risk by not encrypting passwords for systems that use a single sign-on, a security vendor has claimed.
Research from RSA Security shows that companies are attracted to the ease of enterprise single sign-on technology because it reduces the number of helpdesk calls.
However, RSA raised concerns that only 11% of organisations using enterprise single sign-on combine the system with strong authentication.
“Password resets continue to demand considerable IT resources which are purely a cost centre for businesses,” said Tim Pickard, a spokesman at RSA. “However, businesses also need to be mindful of the security implications.”
RSA claimed that the trend will only get worse, as 40% of those surveyed plan to implement enterprise single sign-on within the next two years, but only a quarter plan to use it in conjunction with strong authentication.
“When implementing this technology, companies need to ensure that strong authentication is in place to verify who the user is without the fear of compromise,” said Pickard.
RSA’s research found that the most common strong authentication technology is time-synchronised hardware tokens, followed by smart cards.
Research from analyst group Gartner claims that up to 30% of all helpdesk requests are to ask for lost passwords, costing businesses up to $1.5 million (€1.16 million) every year.