SSO and Password Management Best Practices

David Ting
Feb 03, 2012

Imprivata’s Geoff Hogan authored an article for Security Technology Executive last month titled “Passwords in Peril” that delves into the password management conundrum that organizations face with the growing number of applications that employees use daily. While the article succinctly summarizes the helpdesk cost and employee productivity issues and the data security vulnerabilities that a runaway password management problem causes, it also highlights effective single sign-on (SSO) strategies and tactics to overcome these challenges.

I wanted to take this opportunity to pull out a couple of SSO and Password Management best practices that Geoff covered, while adding a couple more.

When Choosing an SSO Solution:

  • Scrutinize your real business issues before engaging. Technology can only truly help if it is guided to solve the right problems; an undirected experiment without clear goals won’t lead to long-term benefit for vendor or buyer and will result in wasted cycles.
  • Choose a solution that is easy to deploy without modifying your existing infrastructure. If anything goes awry, there is no “Easy Button” to undo expensive custom code or change policies without severe headaches or business interruption. Be sure the undo is as easy as the deployment.
  • Make sure an SSO solution fully supports the management of multiple strong authentication methods. This provides the flexibility to segment employees and empower them with the specific user authentication they’ll quickly adopt while ensuring the appropriate levels of security.

When Deploying an SSO Solution:

  • Don’t recreate the workflow wheel. Making employees change their daily behavior and jump through security hoops is a surefire way to stifle adoption, and you’ll find users trying to circumvent the system. Make SSO easy for employees to embrace by minimizing change.
  • Regularly conduct educational sessions. While SSO should be inherently easy to use, educational sessions for employees around company policies and the technologies that support them are key to getting buy-in and making secure authentication the new status quo.
  • Find the internal influencers. Every organization has people who set the tone, regardless of level. Get them on board with how easy SSO is and how it improves productivity, and the rest will follow their lead. Understanding the social influences within a business can help effect positive change.

These are just a few tips. What other best practices do you follow?

--David