Password vaulting versus single sign-on (SSO)

Which is better, a password vault or single sign-on?

SSO solutions vs. password managers

What is a password vault?

A password vault, also called a password manager, is a program that stores usernames and passwords for multiple applications in a secure location and in an encrypted format. Users can access the password vault via a single username and password. The password vault then provides them the password for the website they are trying to access.

Consumers often use the password manager built into Chrome or Safari, for example. In those cases, Google or Apple stores your password information. Businesses may buy a password management tool. (Note that some password managers will also generate more secure, random passwords, called one-time passwords [OTPs], for the user for each site.)

App passwords stored in a password vault App passwords stored in a password vault

What is single sign-on?

Single sign-on (SSO) is a secure solution that provides employees access to company apps and websites by asking them to sign in just once a day, using one username and password. When you sign in to a website through Facebook or Google, you’re using a type of SSO. In a business setting, employees usually have access to their company’s apps through SSO as an identity and access management (IAM) solution that uses the company’s directory, such as Microsoft Active Directory, Azure Active Directory, or a directory provided by the SSO solution.

Newly-provisioned user authenticating using SSO Newly-provisioned user authenticating using SSO

Which is better, SSO or password vaults?

In general, SSO is considered more secure and easier to use than password vaults. As part of an IAM solution, SSO eliminates the need for employees to maintain multiple passwords, easing the burden on users. It also reduces the frequency of logins and the number of credentials stored, reducing the attack surface for cybercriminals.

When businesses begin to implement stricter password requirements, they often start with password managers. For example, an organization might require that passwords are changed frequently, use random characters, or be longer. Since these more complex passwords are harder to remember, the organization may buy a password manager that employees can use to store them in an encrypted, relatively secure environment.

But most organizations quickly outgrow password managers. For one thing, password managers introduce a new problem: employees must add password management to their list of tasks. Password vaults also don’t solve the problem of app proliferation, and they still require users to waste time logging into each app. Since 68% of users report having to switch between 10 different apps every hour, that’s a lot of wasted time.

Single sign-on systems let users log in just once, with one set of credentials, to access all apps. SSO systems often use the business’s identity provider, such as Active Directory, for added security. And they use standard, widely accepted protocols, such as SAML or OAuth, and technologies like digital certificates to provide enterprise-level security.

SSO is more secure because passwords aren’t being passed around. Instead, after users log in, the SSO system passes tokens to the app or website requesting authentication. Many SSO solutions also work across both on-prem and cloud apps and websites, providing seamless and secure access across corporate systems.

Related Resources:

Why Is SSO Important?

Learn the benefits of single sign-on.

Learn More

How Does SSO work?

Understand the technology of single sign-on.

Learn More

OneLogin SSO Solution

Find out how OneLogin supports single sign-on.

Learn More