Backup Your Passwords with a Single Sign-on Portal

This is a follow-on to a previously published post and a response to an article I reviewed this morning regarding fingerprint biometrics for authentication.

I became aware of such impediments some time ago, having navigated a critical experience. I believe it will be some time until we can completely eliminate passwords, if ever. System administrators know fail-safe passwords will continue to exist for some time. As you illustrate in the article, breakage between fingerprint authentication does occur and such a mechanism has yet to be broadly adopted.

The problem can be further compounded with two-factor authentication, particularly if end-users do not retain their backup codes. Given the extent to which we all rely on software-as-a-service (SaaS) applications, this is potentially an enormous exposure and business impact to productivity. One possible answer is a password locker; however, that is still subject to an isolated system and potential hacks or system failure. Further, the majority of users have not encrypted their local hard drives, thus in the era of ransomware it could be disastrous to maintain a password locker on an unencrypted hard drive. Unfortunately, most users do not even use password lockers. More often than not, what I see are spreadsheets that are neither password-protected nor encrypted, used in a capacity they were not purpose-built for.

Contrary to popular belief, creating and recalling complex passwords has very little to do with increasing our capacity to do so. I believe increasing password complexity and retention capability has to do with learning a new behavior. It involves the ability to install a simple browser plugin and the ability to generate, cut and paste, and capture the credentials via a browser.

A single sign-on (SSO) portal enables an end-user to capture their credentials using a browser plugin. To further enhance the protection of your online password locker (the SSO portal), it can be protected by two-factor authentication (2FA), minimizing the number of complex passwords a user needs to retain and permitting the browser plugin to log them in automatically after they have authenticated via the SSO portal.

   Install browser plugin

   Authenticate with SSO Portal

   Navigate to the site you want to subscribe to or already have a subscription with

   Former - use a password generator to create a complex password (I use extremely long complex passwords). Copy and paste the password into your subscriber profile and save. You can either manually set the password in the SSO portal or go to the site and, when requested, copy and paste the password into the browser plugin. You will likely never have to do this again, or only when needed.

   Latter - assumes you already have a subscription and the application is a sanctioned application in the SSO portal. All you have to do is navigate to the site and capture your credentials.

   Notes:

   The above procedure assumes you do not use the same password for multiple sites and applications. This is known as password isolation and will greatly enhance your personal security.

   This is a simple Generate/Cut/Paste/Capture procedure.

   Perform for 21 days to build new behavior (migrate your existing passwords)
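
The password isolation note above can be checked mechanically while migrating existing passwords. The following is an added example, not part of the original article or of any SSO product: it groups sites that share a password and generates a long random replacement for each affected site. The function names and the sample entries are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import string
from collections import defaultdict

SYMBOLS = "!@#$%^&*-_=+"
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]
ALPHABET = "".join(CLASSES)


def generate_password(length=32):
    """Return a random password containing every character class."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    while True:
        # secrets uses the OS CSPRNG; the random module is not suitable here.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def find_reuse(entries):
    """Return sorted groups of sites that share one password."""
    # Group on a keyed digest with a throwaway key, so the grouping
    # structure itself never holds a plaintext password.
    key = secrets.token_bytes(32)
    groups = defaultdict(list)
    for site, password in entries:
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        groups[tag].append(site)
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)


def migration_plan(entries, length=32):
    """Propose a fresh, unique password for every site involved in reuse."""
    reused = {site for group in find_reuse(entries) for site in group}
    return {site: generate_password(length) for site in sorted(reused)}


# Constructed sample export: three sites share one password.
SAMPLE = [
    ("mail.example", "Summer2017!"),
    ("crm.example", "Summer2017!"),
    ("wiki.example", "correct-horse-battery"),
    ("hr.example", "Summer2017!"),
]

if __name__ == "__main__":
    for group in find_reuse(SAMPLE):
        print("shared password:", ", ".join(group))
    print("sites to rotate:", ", ".join(migration_plan(SAMPLE)))
```
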

There are those who realize this capability exists today in most major browsers; however, recently there are new hacks which can permit an intruder to manipulate your browser and decrypt the passwords. Although this has yet to happen on a large scale, we must acknowledge that this is potentially a huge threat vector that will impact some of our largest companies, i.e. Microsoft, Google and Mozilla, and have vast implications. A single sign-on portal performs generally the same function, although your credentials are not stored in the local browser and are protected from system failure and further secured by two-factor authentication.

My conclusion has been that there is no silver bullet at this time and some of us will always have to rely on passwords in order to make authentication simpler for the majority. A simple adjustment from relying on memory (or Post-it notes and the like) to adjusting a behavior helps to increase the probability of enhanced security.

At Xband Enterprises, we have loaded over 1,600 of the most widely used business applications, which are pre-configured for our client to sanction or approve for use in their environment. We have also enabled the capability to add custom applications.

Check out this 1-minute video.

Or visit us online to learn more at Xband Enterprises, Inc.

Drop us a note, we would love to answer your questions.

@TiotBiz #EmbeddedSecurity #ToYourSuccess


This is now a reality: https://bit.ly/2qrhR51

Deepak George, the previous post was informational; this is a direct sales offer: Acquire the minimal service such as a Hosted Exchange email address (using your domain name) and we'll include the SSO portal at no cost!

Hello Deepak George, somewhat similar. Lastpass is not a fully integrated SSO client for password resets, Hosted SharePoint, Microsoft Exchange, Skype-for-Business, Office Apps, Server and Desktop Backup and Archiving for compliance. We offer a fully integrated productivity suite to alleviate the client of this burden. Lastpass does not offer 99.999% availability or 24/7 support for SMBs and Enterprises. Please let me know if I may address any questions. Our SSO catalog is pre-populated with 1,600 business apps, thus all you have to do is approve the applications.

Deepak George, CISSP

On Career break - spending quality time with family

8 years ago

Seems to be similar operations of Lastpass password manager. MFA is optional for the application.

More articles by Ahmed Sharaf Cybersecurity Automation