What is Single Sign On (SSO)

  Views: 51,782

IBM Technology

Comments: 59
@I_Unintentionally_Morph 2 years ago
I am enjoying this channel every time
@tiamaria4738 2 years ago
Isn't single point of failure more related to availability? What if the SSO application goes down or is not accessible?
@jeffcrume 2 years ago
There can be different kinds of failures -- availability is certainly one type. A well architected SSO solution would have failover capabilities so it has no single point of failure from an availability standpoint as well
@SahadFoundation 1 year ago
This is so informative. Thank you for making this video.
@jeffcrume 11 months ago
Thanks for watching!
@God1293 2 years ago
Short and precise ❤
@anilbangera1 2 years ago
Worth it... Bravo 👏
@davidearthos6453 2 years ago
Good work.. we're getting there step by step..
@jamesa4958 1 year ago
This was very helpful and well explained. Thank you!
@elijahlair 8 months ago
Wow! This is so good! Perfectly explained
@agguLi 10 days ago
I like these IBM Videos a lot but as I am new to this topic, I am stuck on some points. Why are there multiple unknown passwords? I thought in SSO, the applications get a token from the idp and verify its integrity. So there is no password needed?! The application then knows the user and maps its identity to the local representation (roles, permissions etc). Can you explain that to me pls
@medsalemdeddah8853 10 months ago
Beautifully explained
@shwe2u 2 years ago
Wow.. this is awesome. Sir, I have completed my course on cyber security law.. it's so interesting... hope I will get a job soon so that I can explore and learn more about it and contribute positively to securing the cyber space..
@jeffcrume 2 years ago
Best of luck to you Nair!
@mms2896 1 year ago
Isn't this identity federation? I thought the SSO is the contract between the client (browser) and the IDP so that if different systems use the same identity provider for authentication, they can login without being explicitly authenticated.
@jeffcrume 11 months ago
That’s certainly one way to do it and the most common one when you are crossing identity domains that you don’t directly control. However, there can be SSO within an org across its various sites as well that may not require federation protocols
@suikast420 2 years ago
What about keypass?
@cognizant2010 1 year ago
Thank you sir
@megayndx 2 years ago
Good solution but it has a flaw. It's better for hackers to steal SSO of many users and get access to their services through attacking a single SSO. However all say that SSO is highly protected and blah-blah but it will be cheaper to find vulnerabilities and attack a single service instead of a couple ones. Like it was with lastpass.
@jeffcrume 2 years ago
No solution fixes all problems in security. The goal can't be perfection or we will always fail. The goal has to be to continue to make the system more secure. Absolute security doesn't exist with an operational system. The question should be, is it more secure as a result?
@ClaudioBOsorio 2 years ago
LastPass is server dependent. Something like Enpass allows you to have the encrypted SSO that you can store anywhere you like. If hackers get to it it's because you misplaced your password manager file
@CenturionKenshin 2 years ago
@@jeffcrume In my opinion, in security - damage control is more important, including the limitation of attack spread. Everything that has access, doesn't matter how secure, will be broken at some time. So I think it is more important to detect it in time and limit the damage than building the walls.
@jeffcrume 2 years ago
@@CenturionKenshin which is why MFA can help here. If implemented well, it would be very hard for an attacker to get all credentials if they have to defeat a strong authentication solution first
@shirley6020 6 months ago
So this is safe then, right.is that when you get google mixed numbers letters.! I have concussion why at hospital. Tts bad dr said.
@YavorMarinov-rt9xc 1 year ago
P1=P2=Pn, and what will make the user not do PA=P1=Pn ..., but PA != P1 != Pn in the SSO case ?
@jeffcrume 1 year ago
They could but why would they? The SSO system could actually set different pw’s for each system automatically so it would actually require more effort for them to override this and result in lower security and no apparent benefit
@Terabyte1244 1 year ago
@@jeffcrume Hi, but wouldn't the PA password provide access to all three systems anyhow? If they have the PW to SSO, surely the access to all systems will be given? Won't the systems assume that the user is who they are because they have password PA?
@AjaySingh-ey7gt 2 months ago
@@jeffcrume Thank you Sir
@IndianDesiTennis 2 years ago
nice explanation
@ukaszkiepas57 9 months ago
thank you ! :)
@Jhfhfghdghb 4 months ago
Thank you
@Mari_Selalu_Berbuat_Kebaikan 2 years ago
Let's always do good 🙏
@CenturionKenshin 2 years ago
SPoF here is the guy with the smile :) and always will be. SSO makes it easier to get one password to rule it all and MFA would not help, if guy_with_the_smile's butt is on fire :)
@shapshooter7769 2 years ago
SSO is supposed to be coupled with permissions. That way the higher the privilege of a given account, the stricter the protocol needed to use that account.
@jeffcrume 2 years ago
Humans are usually the weakest link, for sure, but with well implemented MFA and other controls, you lessen the likelihood that the user is compromised or inadvertently contributes to the compromise. A malicious user intent on harm is a different matter. This is where oversight with things like User Behavior Analytics can help
@CenturionKenshin 2 years ago
@@jeffcrume I just like to get to/put to extreme in/for hypothetical situations. User Behaviour Analytics can help to some degree indeed but in this case we would probably be talking about damage control.
@CenturionKenshin 2 years ago
@@shapshooter7769 PAM is good, but again if entry point is the user (I'm not talking about the user doing it willingly), one cannot do anything even with PAM.
@Buzzle420 2 years ago
Please..... Please... Please
@dmatviychuk 2 years ago
SPoF is when sso stopped working, not when someone figured user’s password.
@jeffcrume 2 years ago
Failure comes in many forms. Failure of the system to be available, failure of the system to produce the intended results, failure to complete a task in a reasonable time or failure to keep information secure are just a few examples
@LSM-10tex 2 years ago
Isn't SSO like his third example? The SSO password gets compromised, it will provide access to the rest.
@jeffcrume 2 years ago
That’s why you should use multi-factor authentication to get into the SSO system. That way the compromise of a single password doesn’t result in compromise of the whole system
@rahuljayekar2685 1 year ago
@@jeffcrume Yes but then we can use MFA in first case as well correct? Use same password for all the systems with MFA. We're back to square one. How do you respond to this question?
@DantheAgario 1 year ago
@@rahuljayekar2685 without SSO, u will need log-in in all webs independently
@messizhao3813 2 years ago
Does anyone watch this video just to learn English like me?
@jeffcrume 2 years ago
I'm hoping it is helping you in that regard as well, although my English is not always the best. Just ask my high school Grammar teacher ... 😂
@GuruGulabKhatri973 1 year ago
No
@andregomesdasilva 2 years ago
I don't consider myself a super smart person, but sometimes I can't understand why people can't figure out some very simple solutions. Just create a seed with about 6 to 8 characters like j%7&=83. Now, if you need to create an account in Google, take the first 2 and last 2 letters, and glue them to your seed: GOj%7&=83LE. If you are creating it in Yahoo, then YAj%7&=83OO. There. You have virtually one password per website and you just need to remember one thing (the seed). No need for vault, no need for SSO. Why this is not obvious to everyone is beyond me.
@walterclementsjr.5947 2 years ago
what if you need to change 1 password? you break your formula. "oh that's fine I'll make another one." how do you keep track of all the new 20 formulas? you write them down. again. use a vault for god's sake.
@carlosmccrary9036 2 years ago
Because if someone discovers that seed and the method of creating passwords then they’ll just recreate that process when attempting to log into these other accounts.
@jeffcrume 2 years ago
The problem is that if anyone sees one or two of these passwords, the formula is pretty easily determined and, therefore, can be extrapolated to other systems. This might be an option for very low security systems where the cost of compromise is negligible, but insufficient for really sensitive stuff.
@GuruChaz 1 year ago
I swear we have a lady that calls in almost every 3-4 days that she has forgotten her main Windows login password. How is that even possible? Are people really that stupid?
@jeffcrume 1 year ago
I think you answered your own question 😂
@tyrojames9937 2 years ago
SSO is NO Longer SAFE! HELL, WHAT IS?🤔🤔
@jeffcrume 2 years ago
There is no such thing as absolute security on any system that is operational. It's always a question of risk analysis, which was the subject of this video ... kzbin.info/www/bejne/rqXCdJeqq8-VmpY
@dumchikdum7967 2 years ago
Password manager solves this, Bitwarden solves this. Wasted my time
@dumchikdum7967 2 years ago
+ it's e2e encrypted, bitwarden for the win