If you’re like most people in IT, you’re dealing with two competing directives: keep workers productive and keep corporate data secure. Why competing? Because security requires that employees and contractors use strong passwords for their many applications, and strong passwords usually aren’t easy to remember.
The KISS (Keep It Simple, Stupid) principle doesn’t work for traditional passwords, because simple, easy-to-remember passwords are simple and easy to crack. (123password, anyone?) So, as an IT professional, you have to require longer passwords with a good mix of numbers, special characters, and upper- and lowercase letters, preferably randomly generated ones.
Yeah, right. Users are going to love that.
You can’t compromise on security
The risks are too great to accept anything less than strong passwords. Cybercriminals keep getting more sophisticated, even using machine-learning approaches to guess passwords. And if your company is breached, the cost is high:
- An average of $3.86 million worldwide and $7.91 million in the United States (the 2018 IBM/Ponemon Cost of a Data Breach figures).
- Underperformance in the stock market for years to come.
- Lost customers and reputational damage.
- And, probably, lawsuits.
No matter whose password is compromised, or how, IT takes the blame, because security is IT’s job.
Complex passwords can create greater security risks
The thing is, requiring complex passwords can actually make you less secure. People are people, and there is no magic wand to improve their memories. So if you require strong passwords that must be changed regularly, employees will resort to practical workarounds. They’ll:
- Write passwords on Post-Its
- Text or message the password to themselves, even over social media platforms
- Keep passwords in a spreadsheet
- Email themselves that pesky password
Or they simply forget the password and request a reset, over and over again, which adds up to lost time and money as your IT staff resets user passwords.
On top of this come the constant challenge of more and more applications for you to manage, and constant staff changes. The password problem just keeps growing.
There has to be a better way
And there is. It’s called single sign-on (SSO).
SSO is as close as you can get to ridding yourself of passwords altogether. Instead of a password for every application, users have one password to remember. With that single sign-on each day, using that single password, they get access to all their applications. SSO using SAML (Security Assertion Markup Language) is what makes this possible: the user authenticates once to an identity provider, which then vouches for that user to each application with a signed assertion, so the application never needs to see a password at all. Users log in once with one password and throw away all the rest.
- Yes, access to cloud apps.
- Yes, access to on-prem legacy apps.
- Yes, access to Office 365.
- And, yes, access with SSO even when Active Directory is your system of record.
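What "the identity provider vouches for the user" means in practice is that each application (the SAML service provider) receives a signed assertion and must check it before granting access. The following is an added example, not code from the original page or from any SSO vendor: it assumes the XML signature has already been verified by an XML-DSig library (python3-saml/xmlsec) and shows the checks that remain necessary after that step, which are the ones most often skipped: trusted issuer, validity window with bounded clock skew, audience, bearer confirmation bound to our endpoint and our request, and one-time use. The identity-provider URL, the service-provider URLs and the sample assertion are constructed for this example.

```python
"""Service-provider (SP) checks on a SAML 2.0 bearer assertion.

Added example, not code from the original page.  Assumes the XML-DSig
signature was already verified (python3-saml/xmlsec); these are the checks
still required afterwards.  All hosts, IDs and the sample assertion below
are constructed for illustration.
"""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET  # production: defusedxml.ElementTree for untrusted XML

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed (hypothetical) identifiers for the demo.
IDP_ISSUER = "https://idp.example.com/saml/metadata"
SP_AUDIENCE = "https://app.example.com/saml/metadata"
SP_ACS_URL = "https://app.example.com/saml/acs"
DEMO_NOW = datetime(2024, 1, 1, 12, 1, 0, tzinfo=timezone.utc)

# Constructed sample assertion (the ds:Signature element is omitted, see docstring).
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML_NS}" ID="_id-7c1e" Version="2.0"
    IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>{IDP_ISSUER}</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice@example.com</saml:NameID>
    <saml:SubjectConfirmation Method="{BEARER}">
      <saml:SubjectConfirmationData InResponseTo="_req42"
          Recipient="{SP_ACS_URL}" NotOnOrAfter="2024-01-01T12:05:00Z"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>{SP_AUDIENCE}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def _ts(value):
    """Parse a SAML UTC timestamp, with or without fractional seconds."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"bad timestamp: {value!r}")


def validate_assertion(xml_text, *, issuer, audience, acs_url, request_id,
                       now, seen_ids, skew=timedelta(minutes=2)):
    """Return the asserted NameID or raise ValueError.

    seen_ids: set of accepted assertion IDs (replay protection), updated on
    success.  request_id: ID of the AuthnRequest we sent, or None for an
    IdP-initiated login.  skew: tolerated IdP/SP clock drift.
    """
    a = ET.fromstring(xml_text)
    if a.tag != f"{{{SAML_NS}}}Assertion" or a.get("Version") != "2.0":
        raise ValueError("not a SAML 2.0 Assertion")
    assertion_id = a.get("ID")
    if not assertion_id:
        raise ValueError("assertion has no ID")
    # 1. Issuer: the signature proves who signed; this proves it is the IdP we trust.
    if a.findtext("saml:Issuer", namespaces=NS) != issuer:
        raise ValueError("unexpected Issuer")
    # 2. Conditions: validity window (bounded skew) and audience restriction.
    cond = a.find("saml:Conditions", NS)
    if cond is None or cond.get("NotOnOrAfter") is None:
        raise ValueError("missing Conditions/NotOnOrAfter")
    if cond.get("NotBefore") and now + skew < _ts(cond.get("NotBefore")):
        raise ValueError("assertion not yet valid")
    if now - skew >= _ts(cond.get("NotOnOrAfter")):
        raise ValueError("assertion expired")
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in audiences:
        raise ValueError("assertion not addressed to this SP")
    # 3. Bearer confirmation bound to our ACS URL and our AuthnRequest, so an
    #    assertion captured at another SP or from another flow is rejected.
    subject = a.find("saml:Subject", NS)
    if subject is None:
        raise ValueError("missing Subject")
    confirmed = False
    for sc in subject.findall("saml:SubjectConfirmation", NS):
        data = sc.find("saml:SubjectConfirmationData", NS)
        if sc.get("Method") != BEARER or data is None:
            continue
        if data.get("Recipient") != acs_url or data.get("InResponseTo") != request_id:
            continue
        if data.get("NotOnOrAfter") and now - skew >= _ts(data.get("NotOnOrAfter")):
            continue
        confirmed = True
    if not confirmed:
        raise ValueError("no acceptable bearer SubjectConfirmation")
    # 4. One-time use: the same assertion must never log a user in twice.
    if assertion_id in seen_ids:
        raise ValueError("assertion replayed")
    name_id = subject.findtext("saml:NameID", namespaces=NS)
    if not name_id:
        raise ValueError("missing NameID")
    seen_ids.add(assertion_id)
    return name_id


def demo():
    """Accept the sample once, then show the same assertion being rejected as a replay."""
    seen, args = set(), dict(issuer=IDP_ISSUER, audience=SP_AUDIENCE, acs_url=SP_ACS_URL,
                             request_id="_req42", now=DEMO_NOW)
    user = validate_assertion(SAMPLE_ASSERTION, seen_ids=seen, **args)
    try:
        validate_assertion(SAMPLE_ASSERTION, seen_ids=seen, **args)
        return user, False
    except ValueError:
        return user, True
```

Calling `demo()` returns `("alice@example.com", True)`: the first presentation logs Alice in, the second is rejected because the assertion ID is already in `seen_ids`. Every failing check raises rather than returning a partial result, so the application never has to decide what to do with a "mostly valid" login; in a real deployment the `seen_ids` set would live in a shared store that outlives a single process.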
Sure, that single password has to be secure, and users will be prompted to change it regularly. (Current NIST guidance in SP 800-63B actually advises against forced periodic changes unless there is evidence of compromise, so keep that interval long or drop it.) Because that one credential now unlocks everything, protect the SSO login itself with multi-factor authentication. If users forget the password, SSO enables self-service password resets, removing IT as the middleman. And users have a much easier time remembering one complex password than many.
SSO makes IT’s life easier, workers happier, and your organization more secure.