A 2002 NTA Monitor survey found that the typical intensive computer user
had, on average, 21 passwords. This includes everything from a PIN on a
bank card to a Windows password to a personal e-mail password.
Password fatigue is the phenomenon
of feeling overwhelmed by the need to remember all of them. To combat
this, many users have found coping strategies. For example, they often
create a list of passwords in a file, or even put them on post-its stuck
to their terminals. All of this undermines the security policies that
the passwords were created to enforce.

One way in which companies have tried to solve this problem is through
the use of Single Sign-On (SSO). SSO is a property of certain access
control systems that requires users to log in only once to gain access
to all systems. Users have a seamless
experience from the moment they log in to when they log out. They save
time and only need to remember one username/password combination.

Single Sign-On greatly reduces the complexity of accessing multiple
applications for the user, but can pose a challenge to the development
team. Each of the applications that you may wish to incorporate has its
own separate authentication system. An SSO solution must not only store
the different credentials but also translate them for each authentication
mechanism. Integrating these diverse programs can be a major headache
for a developer.

Active Directory (AD) is often a key resource to integrate in SSO systems
for user authentication purposes. SSO & AD can be a winning combination if:
a) All users have a Windows account
b) All Windows accounts are defined in the same directory or group of
directories (forest).
c) The security level provided by Windows authentication complies with
the security requirements. For highly confidential applications, Windows
authentication might need to be complemented by a second type of authentication
(smartcard, biometric…).
For information on how you can use Visual Guard to implement SSO with
or without Active Directory, click here.