Businesses are leaving themselves exposed to potential security breaches by deploying enterprise-wide single sign-on technology without deploying stronger authentication.
A survey of more than 400 firms in the UK, Germany and Italy found that only 10% of companies that had implemented single sign-on technology had deployed it with either smart tokens or smartcards to secure their systems.
And, of the 40% of firms that planned to deploy the technology in the next two years, only 25% planned to deploy any sort of strong authentication, the research by US-based online security group RSA Security found.
“Before, you had six or seven applications with different passwords. If one password was compromised that meant one application was compromised. In a password management solution, if one is compromised they all are compromised,” said Tim Pickard, RSA Security area vice-president.
Graham Titterington, an analyst at research firm Ovum, said strong authentication was the ideal solution. However, he said that organisations did not necessarily face higher risks by moving employees to a single password.
“The counter argument is that the more passwords you have, the more chances there are that some will go astray, and more people will be inclined to write them down because they cannot remember them,” he said.
The survey concluded that UK organisations were more aware of the security risks of single sign-on technology than those in Germany and Italy.
The research suggested that enterprise single sign-on systems could save IT departments up to £800,000 a year by reducing the number of calls made to helpdesks over forgotten passwords.
More than 60% of the firms surveyed said they had seen a reduction in helpdesk calls after deploying single sign-on.
However, businesses cited cost and implementation difficulties as the main reasons for not deploying the technology, while organisations in the UK also cited security as a barrier.