What is Single Sign On (SSO)
Read about IBM X-Force Threat Intelligence: ibm.biz/BdPL8U
Be honest: You have lots of passwords to remember and you "cheat" by using the same one on multiple sites. Or by writing them down. That's a real security risk! In this video, Jeff Crume explains how a much better option, Single-Sign On or SSO, can help you manage a mountain of passwords without compromising security.
Get started for free on IBM Cloud → ibm.biz/ibm-cloud-sign-up
Subscribe to see more videos like this in the future → ibm.biz/subscribe-now
Пікірлер: 53
I am enjoying this channel every time
Short and precise ❤
This was very helpful and well explained. Thank you!
Good work.. we're getting there step by step..
Wow! This is so good! Perfectly explained
Worth it... Bravo 👏
Beautifully explained
This is so informative. Thank you for making this video.
@jeffcrume
4 ай бұрын
Thanks for watching!
Thank you sir
thank you ! :)
Let's always do good 🙏
Good solution but it has a flaw. It's better for hackers to steal SSO of many users and get access to their services throw attacking single SSO. However all says that SSO is highly protected and blah-blah but it will be cheaper to find vulnerabilities and attack a single service instead of a couple ones. Like it was with lastpass.
@jeffcrume
Жыл бұрын
No solution fixes all problems in security. The goal can't be perfection or we will always fail. The goal has to be to continue to make the system more secure. Absolute secure doesn't exist with an operational system. The question should be, is it more secure as a result?
@ClaudioBOsorio
Жыл бұрын
LastPass is server dependent. Something like Enpass allows you to have the encrypted SSO that you can store anywhere you like. If hackers get to it it's because you misplaced your password manager file
@CenturionKenshin
Жыл бұрын
@@jeffcrume In my opinion, in security - damage control is more important, including the limitation of attack spread. Everything that has access, doesnt matter how secure will be broken at some time. So I think it is more important detect it in time and limit the damage than building the walls.
@jeffcrume
Жыл бұрын
@@CenturionKenshin which is why MFA can help here. If implemented well, it would be very hard for an attacker to get all credentials if they have to defeat a strong authentication solution first
Wow ..this is awesome . Sir ,i have completed my course on cyber security law ..it's so interesting...hope i will get a job soon so that i can explore and learn more about it and contribute positively to securing the cyber space ..
@jeffcrume
Жыл бұрын
Best of luck to you Nair!
Isn't single point of failure more related to availablity. What if the SSO application goes down or is not accessible?
@jeffcrume
Жыл бұрын
There can be different kinds of failures -- availability is certainly one type. A well architected SSO solution would have failover capabilities so it has no single point of failure from an availability standpoint as well
nice explanation
What about keypass?
Isn;t this identity federation? I thought the SSO is the contract between the client (browser) and the IDP so that if different systems use the same identity provider for authentication, they can login without explicitly authenticated.
@jeffcrume
4 ай бұрын
That’s certainly one way to do it and the most common one when you are crossing identity domains that you don’t directly control. However, there can be SSO within an org across its various sites as well that may not require federation protocols
P1=P2=Pn, and what will make the user not do PA=P1=Pn ..., but PA != P1 != Pn in the SSO case ?
@jeffcrume
Жыл бұрын
They could but why would they? The SSO system could actually set different pw’s for each system automatically so it would actually require more effort for them to override this and result in lower security and no apparent benefit
@Terabyte1244
7 ай бұрын
@@jeffcrume Hi, but wouldn't the PA password provide access to all three systems anyhow? If they have the PW to SSO, surely the access to all systems will be given? Won't the systems assume that the user is who they are because they have password PA?
SPoF here is the guy with the smile :) and always will be. SSO makes it easier to get one password to rule it all and MFA would not help, if guy_with_the_smile's butt is on fire :)
@shapshooter7769
Жыл бұрын
SSO is supposed to be coupled with permissions. That way the higher the privilege of a given account, the stricter the protocol needed to use that account.
@jeffcrume
Жыл бұрын
Humans are usually the weakest link, for sure, but with well implemented MFA and other controls, you lessen the likelihood that the user is compromised or, inadvertently contributes to the compromise. A malicious user intent on harm is a different matter. This is where oversight with things like User Behavior Analytics can help
@CenturionKenshin
Жыл бұрын
@@jeffcrume I just like to get to/put to extreme in/for hypothetical situations. User Behaviour Analytics can help to some degree indeed but in this case we might probably would talk about damage control.
@CenturionKenshin
Жыл бұрын
@@shapshooter7769 PAM is good, but again if entry point is the user(I'm not talking user doing it willingly), one can not do anything even with PAM.
Please..... Please... Please
Does anyone watch this video just to learn english like me?
@jeffcrume
Жыл бұрын
I hoping it is helping you in that regard as well, although, my English is not always the best. Just ask my high school Grammar teacher ... 😂
@GuruGulabKhatri973
8 ай бұрын
No
Isn't SSO like his third example. The SSO password gets compromised, it will provide access to the rest.
@jeffcrume
Жыл бұрын
That’s why you should use multi-factor authentication to get into the SSO system. That way the compromise of a single password doesn’t result in compromise of the whole system
@rahuljayekar2685
8 ай бұрын
@@jeffcrume Yes but then we can use MFA in first case as well correct? Use same password for all the systems with MFA. We're back to square one. How do you respond to this question?
@alienwareCL
8 ай бұрын
@@rahuljayekar2685 without SSO, u will need log-in in all webs independently
SPoF is when sso stopped working, not when someone figured user’s password.
@jeffcrume
Жыл бұрын
Failure comes in many forms. Failure of the system to be available, failure of the system to produce the intended results, failure to complete a task in a reasonable time or failure to keep information secure are just a few examples
I don't considera myself a super smart person, but sometimes I can't understand why people can't figure our some very simple solutions. Just create a sead with about 6 to 8 characters like j%7&=83. Now, of you need to create an account in Google, take the first 2 and last 2 letters, and glue them to your seed: GOj%7&=83LE. Of you are creating ot in Yahoo, then YAj%7&=83OO. There. You have virtually one password per website and you just need to remember one thing (the seed). No need for vault, no need for SSO. Why this is not obvious to everyone is beyond me.
@walterclementsjr.5947
Жыл бұрын
what if you need to change 1 password? you break your formula. "oh that's fine I'll make another one." how do you keep track of all the new 20 formulas? you write them down. again. use a vault for god's sake.
@carlosmccrary9036
Жыл бұрын
Because if someone discovers that seed and the method of creating passwords then they’ll just recreate that process when attempting to log into these other accounts.
@jeffcrume
Жыл бұрын
The problem is that if anyone sees one or two of these passwords, the formula is pretty easily determined and, therefore, can be extrapolated to other systems. This might be an option for very low security systems where the cost of compromise is negligible, but insufficient for really sensitive stuff.
I swear we have a lady that calls in almost every 3-4 days that she has forgot her main Windows login password. How is that even possible? Are people really that stupid?
@jeffcrume
Жыл бұрын
I think you answered your own question 😂
SSO is NO Longer SAFE! HELL, WHAT IS?🤔🤔
@jeffcrume
Жыл бұрын
There is no such thing as absolute security on any system that is operational. It's always a question of risk analysis, which was the subject of this video ... kzread.info/dash/bejne/qqiTpcatps3IlJc.html
Password manager solves this, Bitwarden solves this. Wasted my time
@dumchikdum7967
Жыл бұрын
+ it's e2e encrypted, bitwarden for the win