
Product Details

Product Rating

AssureAccess

Cams

Citrix MetaFrame Password Manager

Entrust GetAccess

eToken Enterprise

eTrust Single Sign-On

Novell Nsure SecureLogin

Secure Access Manager

Trinity Secure Sign-On


For its wide range of features aimed at the larger enterprise, Best Buy goes to Evidian Secure Access Manager. Recommended is Novell Nsure SecureLogin for offering a wide range of features in the simplest way by leveraging existing directory services.

Single sign-on (2004)

9vz8comp1, 327word, n37w0rk – who can remember and manage all of today's secure passwords? Geoff Marshall reviews products that are designed to help.

The biggest security weakness in computer networks is poor password selection. In many organizations, employees have to remember between five and ten passwords, and have to change them as frequently as every 30 days. Remembering passwords is a problem, and companies find that up to 20 percent of helpdesk calls are password-related.

Many users try to choose the same username and password for all the systems they need to access. This synchronization of passwords is often not possible, because different applications might have different and conflicting password construction rules. Also, usernames have to be unique within each system, and this puts further constraints on users who might be using systems administered by outside agencies or business partners, as well as their own company's internal systems.

So users must manage an overwhelming number of username and password combinations. This leads to poor security as users choose obvious passwords to make them memorable. It also leads to users forgetting passwords – a time-consuming problem for everyone.

When users cannot remember passwords, they try to keep track of them on paper, or use the same password for all applications. Users require simplified sign-on, using a single, convenient authentication method across all of their applications.

Administrators need central management of user privileges and strong authentication of users.

What is single sign-on?

Single sign-on (SSO) is designed to solve problems caused by multiple passwords and the time-consuming nuisance of multiple logins. SSO enables enterprise network users to access all authorized network resources seamlessly, based on one authentication performed when the user first accesses the network.

SSO is a convenient technology for end users, but stronger security is required to protect this 'single point of entry' to the enterprise.

Without strong authentication to protect sign-on, a single static password might be the only security protecting access to an organization's resources. Fortunately, SSO also makes it easier to implement strong authentication using smart cards, fingerprint biometrics, one-time password tokens, passwords, or a combination of these methods.

Benefits of SSO

SSO can provide managers with better administrative control. All SSO-specific information is stored in a single repository – usually a database or directory service. This means there is a single, authoritative listing of each user's rights and privileges. This enables the administrator to change a user's privileges and know the results will propagate network-wide. It also means that, when rights are revoked, all privileges are revoked immediately.

It improves productivity, as users do not waste time on multiple logon processes. It also lowers helpdesk costs by reducing the number of passwords users have to remember, and therefore the number of password resets.

SSO can improve network security

Properly implemented, it enforces strict password policies and provides more secure authentication, because of the consolidation of network management information within a central database or directory service. The administrator can manage user-access rights centrally and simply – ensuring that mistakes are avoided when allocating privileges.

As multiple application passwords are removed from the user's control and replaced by a single, strong authentication process, the risks arising from password sharing, written-down passwords, and password theft are either reduced or completely eliminated.

With SSO, the underlying passwords transmitted to the applications can be cryptic, and they can be changed regularly and generated automatically, according to strong password rules. This enhances security, as these underlying passwords cannot be guessed. All you have to do is ensure that the SSO authentication is secure – ideally by using biometric or multi-factor authentication.
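The following added example (not code from any reviewed product) sketches how an SSO back end could generate a separate random password for each application, each one meeting that application's own construction rules, which is also why a single synchronized password often cannot work. The two application names, their rules and all function names are constructed for illustration.

```python
import secrets
import string
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    """Password construction rules for one application (hypothetical)."""
    min_len: int
    max_len: int
    required: tuple  # character classes that must each appear at least once
    allowed: str     # full alphabet the application accepts

SYMBOLS = "!#$%&*+-=?@_"
# Constructed sample policies that conflict: no one password satisfies both.
POLICIES = {
    "legacy-mainframe": Policy(
        6, 8, (string.ascii_uppercase, string.digits),
        string.ascii_uppercase + string.digits),
    "web-portal": Policy(
        16, 32,
        (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS),
        string.ascii_letters + string.digits + SYMBOLS),
}

def satisfies(password, policy):
    """True if the password meets the length, alphabet and class rules."""
    return (policy.min_len <= len(password) <= policy.max_len
            and all(c in policy.allowed for c in password)
            and all(any(c in cls for c in password) for cls in policy.required))

def generate(policy):
    """Draw max-length candidates from the OS CSPRNG until one is valid.

    Rejection sampling keeps the result uniform over all valid passwords.
    """
    while True:
        candidate = "".join(
            secrets.choice(policy.allowed) for _ in range(policy.max_len))
        if satisfies(candidate, policy):
            return candidate

def rotate_all(policies):
    """Return a fresh, independent password for every application."""
    return {app: generate(policy) for app, policy in policies.items()}

if __name__ == "__main__":
    for app, pw in rotate_all(POLICIES).items():
        print(app, len(pw), satisfies(pw, POLICIES[app]))
```

Because the user never types these values, each rotation can replace every application password without adding anything to remember.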

With SSO, this authentication process is easier to secure and manage, as you have to implement it in only one place rather than separately for each application.

What to look for

An SSO solution must be flexible enough to meet the changing needs of the organization. The new software must be easily installed and configured for SSO. It must be seamless to the user. It must accommodate mobile, remote and roaming users, who must be able to access their SSO credentials and update them if necessary. It must be easy to manage, rapid to deploy, and fault tolerant. It should have an open architecture that uses industry standards in order to be compatible with existing software, user databases and public key infrastructure (PKI).

It must support strong multi-factor authentication of users. The password storage and playback mechanism must not allow for stealing secrets. Usernames and passwords must be encrypted and stored in a secure database. Finally, SSO must save money and reduce the cost of ownership to provide a rapid return on investment.

