What is Single Sign On (SSO)
Рет қаралды 41,346
Күн бұрынRead about IBM X-Force Threat Intelligence: ibm.biz/BdPL8U
Be honest: You have lots of passwords to remember and you "cheat" by using the same one on multiple sites. Or by writing them down. That's a real security risk! In this video, Jeff Crume explains how a much better option, Single-Sign On or SSO, can help you manage a mountain of passwords without compromising security.
Get started for free on IBM Cloud → ibm.biz/ibm-cloud-sign-up
Subscribe to see more videos like this in the future → ibm.biz/subscribe-now
@I_Unintentionally_Morph Жыл бұрын
I am enjoying this channel every time
@jamesa4958 11 ай бұрын
This was very helpful and well explained. Thank you!
@God1293 Жыл бұрын
Short and precise ❤
@davidearthos6453 Жыл бұрын
Good work.. we're getting there step by step..
@elijahlair 26 күн бұрын
Wow! This is so good! Perfectly explained
@SahadFoundation 11 ай бұрын
This is so informative. Thank you for making this video.
@jeffcrume 4 ай бұрын
Thanks for watching!
@medsalemdeddah8853 3 ай бұрын
Beautifully explained
@anilbangera1 Жыл бұрын
Worth it... Bravo 👏
@shwe2u Жыл бұрын
Wow ..this is awesome . Sir ,i have completed my course on cyber security law ..it's so interesting...hope i will get a job soon so that i can explore and learn more about it and contribute positively to securing the cyber space ..
@jeffcrume Жыл бұрын
Best of luck to you Nair!
@Mari_Selalu_Berbuat_Kebaikan Жыл бұрын
Let's always do good 🙏
@cognizant2010 8 ай бұрын
Thank you sir
@megayndx Жыл бұрын
Good solution but it has a flaw. It's better for hackers to steal SSO of many users and get access to their services throw attacking single SSO. However all says that SSO is highly protected and blah-blah but it will be cheaper to find vulnerabilities and attack a single service instead of a couple ones. Like it was with lastpass.
@jeffcrume Жыл бұрын
No solution fixes all problems in security. The goal can't be perfection or we will always fail. The goal has to be to continue to make the system more secure. Absolute secure doesn't exist with an operational system. The question should be, is it more secure as a result?
@ClaudioBOsorio Жыл бұрын
LastPass is server dependent. Something like Enpass allows you to have the encrypted SSO that you can store anywhere you like. If hackers get to it it's because you misplaced your password manager file
@CenturionKenshin Жыл бұрын
@@jeffcrume In my opinion, in security - damage control is more important, including the limitation of attack spread. Everything that has access, doesnt matter how secure will be broken at some time. So I think it is more important detect it in time and limit the damage than building the walls.
@jeffcrume Жыл бұрын
@@CenturionKenshin which is why MFA can help here. If implemented well, it would be very hard for an attacker to get all credentials if they have to defeat a strong authentication solution first
@ukaszkiepas57 2 ай бұрын
thank you ! :)
@tiamaria4738 Жыл бұрын
Isn't single point of failure more related to availablity. What if the SSO application goes down or is not accessible?
@jeffcrume Жыл бұрын
There can be different kinds of failures -- availability is certainly one type. A well architected SSO solution would have failover capabilities so it has no single point of failure from an availability standpoint as well
@IndianDesiTennis Жыл бұрын
nice explanation
@suikast420 Жыл бұрын
What about keypass?
@mms2896 6 ай бұрын
Isn;t this identity federation? I thought the SSO is the contract between the client (browser) and the IDP so that if different systems use the same identity provider for authentication, they can login without explicitly authenticated.
@jeffcrume 4 ай бұрын
That’s certainly one way to do it and the most common one when you are crossing identity domains that you don’t directly control. However, there can be SSO within an org across its various sites as well that may not require federation protocols
@YavorMarinov-rt9xc Жыл бұрын
P1=P2=Pn, and what will make the user not do PA=P1=Pn ..., but PA != P1 != Pn in the SSO case ?
@jeffcrume Жыл бұрын
They could but why would they? The SSO system could actually set different pw’s for each system automatically so it would actually require more effort for them to override this and result in lower security and no apparent benefit
@Terabyte1244 7 ай бұрын
@@jeffcrume Hi, but wouldn't the PA password provide access to all three systems anyhow? If they have the PW to SSO, surely the access to all systems will be given? Won't the systems assume that the user is who they are because they have password PA?
@CenturionKenshin Жыл бұрын
SPoF here is the guy with the smile :) and always will be. SSO makes it easier to get one password to rule it all and MFA would not help, if guy_with_the_smile's butt is on fire :)
@shapshooter7769 Жыл бұрын
SSO is supposed to be coupled with permissions. That way the higher the privilege of a given account, the stricter the protocol needed to use that account.
@jeffcrume Жыл бұрын
Humans are usually the weakest link, for sure, but with well implemented MFA and other controls, you lessen the likelihood that the user is compromised or, inadvertently contributes to the compromise. A malicious user intent on harm is a different matter. This is where oversight with things like User Behavior Analytics can help
@CenturionKenshin Жыл бұрын
@@jeffcrume I just like to get to/put to extreme in/for hypothetical situations. User Behaviour Analytics can help to some degree indeed but in this case we might probably would talk about damage control.
@CenturionKenshin Жыл бұрын
@@shapshooter7769 PAM is good, but again if entry point is the user(I'm not talking user doing it willingly), one can not do anything even with PAM.
@Buzzle420 Жыл бұрын
Please..... Please... Please
@LSM-10tex Жыл бұрын
Isn't SSO like his third example. The SSO password gets compromised, it will provide access to the rest.
@jeffcrume Жыл бұрын
That’s why you should use multi-factor authentication to get into the SSO system. That way the compromise of a single password doesn’t result in compromise of the whole system
@rahuljayekar2685 8 ай бұрын
@@jeffcrume Yes but then we can use MFA in first case as well correct? Use same password for all the systems with MFA. We're back to square one. How do you respond to this question?
@alienwareCL 8 ай бұрын
@@rahuljayekar2685 without SSO, u will need log-in in all webs independently
@messizhao3813 Жыл бұрын
Does anyone watch this video just to learn english like me?
@jeffcrume Жыл бұрын
I hoping it is helping you in that regard as well, although, my English is not always the best. Just ask my high school Grammar teacher ... 😂
@GuruGulabKhatri973 8 ай бұрын
No
@GuruChaz Жыл бұрын
I swear we have a lady that calls in almost every 3-4 days that she has forgot her main Windows login password. How is that even possible? Are people really that stupid?
@jeffcrume Жыл бұрын
I think you answered your own question 😂
@dmatviychuk Жыл бұрын
SPoF is when sso stopped working, not when someone figured user’s password.
@jeffcrume Жыл бұрын
Failure comes in many forms. Failure of the system to be available, failure of the system to produce the intended results, failure to complete a task in a reasonable time or failure to keep information secure are just a few examples
@andregomesdasilva Жыл бұрын
I don't considera myself a super smart person, but sometimes I can't understand why people can't figure our some very simple solutions. Just create a sead with about 6 to 8 characters like j%7&=83. Now, of you need to create an account in Google, take the first 2 and last 2 letters, and glue them to your seed: GOj%7&=83LE. Of you are creating ot in Yahoo, then YAj%7&=83OO. There. You have virtually one password per website and you just need to remember one thing (the seed). No need for vault, no need for SSO. Why this is not obvious to everyone is beyond me.
@walterclementsjr.5947 Жыл бұрын
what if you need to change 1 password? you break your formula. "oh that's fine I'll make another one." how do you keep track of all the new 20 formulas? you write them down. again. use a vault for god's sake.
@carlosmccrary9036 Жыл бұрын
Because if someone discovers that seed and the method of creating passwords then they’ll just recreate that process when attempting to log into these other accounts.
@jeffcrume Жыл бұрын
The problem is that if anyone sees one or two of these passwords, the formula is pretty easily determined and, therefore, can be extrapolated to other systems. This might be an option for very low security systems where the cost of compromise is negligible, but insufficient for really sensitive stuff.
@dumchikdum7967 Жыл бұрын
Password manager solves this, Bitwarden solves this. Wasted my time
@dumchikdum7967 Жыл бұрын
+ it's e2e encrypted, bitwarden for the win
@tyrojames9937 Жыл бұрын
SSO is NO Longer SAFE! HELL, WHAT IS?🤔🤔
@jeffcrume Жыл бұрын
There is no such thing as absolute security on any system that is operational. It's always a question of risk analysis, which was the subject of this video ... kzfaq.info/get/bejne/rtqPdsel29DGlGg.html
Immersed
Рет қаралды 55 МЛН