Why Online Security Needs the One-Two Punch of SSO and MFA

Cyber criminals continue to score knock-out, after knock-out, with the revelation of every new corporate data breach. The interconnected world in which we now live demands that companies provide 24/7 access across a multitude of disparate technology platforms, systems, applications and devices―which creates a myriad of ever-changing challenges for IT professionals to provide the necessary security and access controls to proactively secure online accounts, information, transactions and interactions from login to logout.

Passwords, regardless of how complex, are no longer enough to protect companies from data breaches, online fraud and other cyber attacks. The susceptibility of passwords is a recurring theme in breach after breach. On average, business employees manage nearly 200 individual passwords, so it’s no surprise that the majority of confirmed data breaches are due to compromised passwords.

Compromised login credentials represent big business for cyber thieves, as millions of usernames and passwords are increasingly stolen and sold through the Dark Web each year. However, more and more companies have thankfully turned to multifactor authentication (MFA) to provide a necessary level of secure corporate access based on multiple data parameters and other factors derived from end users’ login attempts. However, less technically advanced versions of MFA often disrupt the end-user experience and, used as a standalone, have not proven to be enough to identify and stop today’s chameleon-like fraudsters from unauthorized access to sensitive data and personal information.

Single Sign-On (SSO) technology has emerged recently that allows enterprises to more easily and securely manage access to sensitive data while giving users a simplified way to manage logins with one click, and only one set of credentials. These solutions provide a much-needed balance of benefits not only for the business itself, but also for end users requiring corporate access, whether they are employees, clients or partners.

Business Benefits:

• Replaces integration with easy configuration
• Strengthens security with safer, stronger credentials
• Reduces IT administration overhead costs
• Supports compliance and governance protocols
• Improves employee productivity

User Benefits:

• Reduces the number of passwords to remember
• Eliminates frustration with password recovery/reset
• Provides one-click convenience in managing credentials
• Assures authenticated access by the legitimate user
• Consolidates logins across devices and applications

However, SSO solutions do still involve the combination of a username and password so a natural risk associated with comprised credentials still does exist.

Time for Enterprises to Deliver a Series of Body Punches

The majority of IT professionals would be the first to tell you that controlling access and verifying user identities are two things that keep them up at night. According to the 2018 Verizon Data Breach Investigations Report, two of the top-five patterns in confirmed security incidents and data breaches come from misuse of privileges and unauthorized web application access.

Previously, companies have mistakenly viewed MFA and SSO as an either-or solution when in reality the combination of the two gives enterprises a convenient AND secure means to thwart cyber criminals. While a number of online security vendors do offer both, many outsource their MFA, which reduces the amount of control companies have and tends to drive prices higher. Enterprises looking for the strongest one-two punch should consider providers that offer a proven, cost-effective SSO solution―with its own proven MFA technology built in. For example,

Digital Resolve’s MFA is a proven solution that’s been in use by financial services organizations since 2004, including a top-10 North American bank.

Combining SSO and MFA represents the next evolution of online fraud protection and identity intelligence, and one that can easily be strengthened by other security measures such as behavioral monitoring and analytics.

Employing strong, reliable and frictionless security is the new normal for today’s enterprises, allowing them to go from flyweight to heavyweight in the fight against cybercrime.