
Password Management vs. Single Sign-On

By: IDFocus
Published: Jan 11, 2006
Length: 12
Type: White Paper
 
Overview:
In the Identity Management space, there are 3 leading applications: Web access control, single sign-on, and password management. All three are trying to solve the problems associated with the exponential growth in the number of passwords every individual manages in today's IT environment. This growth introduces security problems, ease-of-use complexities, and tremendous operational costs. The white paper describes in detail password management, single sign-on, the differences between them, the costs associated with deploying them, and their associated business values. The document also describes two alternative approaches to combining these solutions.
1 EXECUTIVE SUMMARY

Single Sign-on (SSO) and Password Management (PM) systems exist within the larger context of Identity Management architectures and systems. This framework includes Web Access Control, Delegated Administration, as well as User Provisioning, web-based user self-service, and directory services. The emergence of SSO and PM systems is driven by several important trends in corporate information technology (IT):

- IT processes have grown in number and complexity, fueling the growth of complex user-management problems

- Business processes' dependency on information technologies has caused a rapid increase in the number of user accounts

- Business environments are changing: organizations have opened their information systems to vendors, customers, and suppliers, significantly increasing security risks and support costs

- Because of the three factors above, the sheer number of data security problems has increased.

- Sarbanes-Oxley, HIPAA, and other security and audit regulations require public companies and/or entire market sectors to monitor and control access to data on a person-by-person and function-by-function basis.

The IT industry has responded to the need by developing a host of solutions that vary in architecture, strengths, weaknesses, advantages, and disadvantages. These include Single Sign-on (SSO), Password Management (PM), and other solutions.

An SSO solution allows the user to log in only once, and provides access to multiple applications without the user having to log into each application separately. A normal PM system would maintain the same password across multiple applications, but the user would have to log into each application separately.

SSO solutions are normally more expensive to deploy and maintain, and the ROI they generate is soft. However, they are normally easier for the end user to use, and they normally manage their password repositories in a very secure manner.

PM solutions are more operational, so the ROI they generate is significant, and they are easier and cheaper to deploy and maintain. A PM solution addresses user problems such as "How do I reset my password?" and "How do I unlock it?" However, PM solutions are more cumbersome for the end user, as they require multiple logins.

Concurrent with the rise of various Identity Management architectures and systems is the rise of methodologies to support the implementation of such systems. IDFocus' IDMology is one such methodology. To learn more about IDMology, please see our whitepaper titled "IDMology: A Coherent Identity-Management Methodology" or contact IDFocus.

2 INTRODUCTION

SSO and PM systems exist within the larger context of Identity Management architectures and systems. This framework includes Web Access Control, Delegated Administration, as well as User Provisioning, web-based user self-service, and directory services.

Is it really possible to allow users to access all information systems using one password? If it is possible, what are the challenges and risks associated with doing so?

What, then, are the alternatives to meet these escalating challenges?

3 SINGLE SIGN-ON (SSO)

The main trigger for this product was the growing pain associated with multiple logins. As the enterprise grew in complexity, and even more so with the introduction of enterprise portals and Web applications, the average number of logins a user would have to remember grew significantly.

People use the term "Single Sign-on" for both Web-only single sign-on and Web + legacy single sign-on. For clarity, this article focuses on Web + legacy SSO. The other type, Web access SSO, is also called Web Access Control, and we address it in another paper.

3.1 WHAT IS SSO?

As described above, Single Sign-on (SSO) systems allow users to log in only once, providing access to multiple applications without the user having to log into each application separately.

This capability greatly enhances system usability and the general user experience, as well as improving overall user efficiency. These applications may be web based or non-web based.

3.2 SSO ADVANTAGES

SSO provides a single login requirement for all applications -- not only Web based, but also potentially legacy and other enterprise applications.

SSO enables stronger overall authentication, since policies are embedded into the system and the user is less exposed to authentication routines.

SSO improves user productivity, because the average user spends less time entering passwords and potentially dealing with password-related issues.

3.3 SSO DISADVANTAGES

SSO implementation and integration costs are significant, requiring significant budgetary commitment.