Financial Institutions Need to Know the Dangers of Single Sign On
The world of cybersecurity is marred by a long-standing and vicious battle between two critical needs: convenience and safety. Single Sign On (SSO) represents the best of both for numerous financial institutions, simplifying access to multiple accounts with a single set of credentials.
Customers can harness SSO to access and switch between different financial services seamlessly – after all, entering a password is just an annoying interruption. But SSO’s one-to-many architecture means that a breach in one account can provide attackers access to all linked resources. Add weak passwords and susceptibility to phishing attacks into the mix and you get a concerning concoction.
In the eyes of IT support teams, SSO is an operational dream. It reduces the workload required for password reset requests and makes tracking and reporting user access easier for compliance purposes. The centralized control over application access can reduce the risks associated with unauthorized software usage.
Weak Spots in SSO Coverage
SSO’s broad applicability, however, doesn’t necessarily make it the ideal solution for many financial institutions.
Legacy Systems
SSO supports multiple cloud-based applications, but custom-built, proprietary, and legacy systems often lack the necessary interfaces or protocols to integrate with modern SSO solutions.
The Weak Link of Passwords
Passwords are highly susceptible to brute force and phishing attacks, with credentials frequently sold on the dark web. Passwords alone don’t verify the user's true identity, making it easier for attackers to impersonate legitimate users.
Diverse Application Environments
SSO can struggle to uniformly cover all platforms in organizations with a mix of cloud-based and on-premises applications. Different applications may have varying security and integration capabilities, creating potential vulnerabilities in an SSO setup.
Third-party Applications
Financial institutions often have limited control over third-party applications’ security and authentication protocols, and each one will likely use varied authentication standards that may not be compatible with the institution’s SSO solution.
Mobile Applications
Older or less frequently updated mobile apps might not support SSO, forcing users to manage separate credentials for these apps. Implementing SSO in mobile environments must address concerns like lost or stolen devices, unsecured network connections, and user experience on smaller screens.
Three Steps for SSO Security
1. Multi-factor Authentication (MFA)
Adding identity verification like MFA should ideally mean verifying the person's actual identity against a trusted record, such as biometric data or document scans, so that the MFA system can establish that the access request genuinely comes from the authorized user.
2. Adopting a Zero-Trust Approach
Adopting a zero-trust approach in the context of SSO means not automatically trusting any user inside or outside the network. Every access request requires dynamic reauthentication based on changing risk factors, like unusual login locations or times, to prevent unauthorized access even if a user’s primary credentials are compromised.
3. Harness Security Analytics
Security analytics can detect anomalies in user behavior, making SSO more dynamic and responsive to threats. It can also identify digital assets not covered by SSO, such as custom-built and legacy applications, and support passwordless access where possible.
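As an added illustration of steps 2 and 3 (example code, not from the article or its author), the Python sketch below derives a per-user baseline from past successful logins and then scores each new SSO access request on the two risk signals the article names, unusual location and unusual time, to decide between allowing it, requiring step-up MFA, or denying it. The score weights, thresholds and verdict names are assumptions chosen for the example, and the login history and requests are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class LoginEvent:
    country: str
    ts: datetime
    recent_mfa: bool = False  # a strong factor was already completed in this session

@dataclass(frozen=True)
class UserBaseline:
    known_countries: frozenset  # countries seen in past successful logins
    usual_hours: frozenset      # hours of day (UTC) inside the observed login window

def build_baseline(history):
    """Analytics step: derive one user's baseline from past successful logins."""
    hours = [e.ts.hour for e in history]
    window = frozenset(range(min(hours), max(hours) + 1))
    return UserBaseline(frozenset(e.country for e in history), window)

def risk_score(event, baseline):
    score = 50 if event.country not in baseline.known_countries else 0  # unusual location
    if event.ts.hour not in baseline.usual_hours:                     # unusual time
        score += 30
    return score

def decide(event, baseline):
    """Zero-trust policy: no request is trusted by default; the score picks the response."""
    score = risk_score(event, baseline)
    if score >= 80:
        return "deny"
    if score >= 30 and not event.recent_mfa:
        return "step_up_mfa"  # re-prompt for a second factor before issuing the SSO session
    return "allow"

def _utc(day, hour):
    return datetime(2024, 3, day, hour, tzinfo=timezone.utc)
# Constructed history: the user always logged in from DE between 08:00 and 16:00 UTC.
BASELINE = build_baseline([LoginEvent("DE", _utc(d, h)) for d in range(4, 9) for h in (8, 12, 16)])
# Constructed new SSO access requests, evaluated against that baseline.
REQUESTS = {
    "normal": LoginEvent("DE", _utc(11, 9)),
    "off_hours": LoginEvent("DE", _utc(11, 3)),
    "new_country": LoginEvent("BR", _utc(11, 9)),
    "new_country_mfa": LoginEvent("BR", _utc(11, 9), recent_mfa=True),
    "both": LoginEvent("BR", _utc(11, 3)),
}

def evaluate_all():
    return {name: decide(ev, BASELINE) for name, ev in REQUESTS.items()}
```

Calling `evaluate_all()` returns a verdict per constructed request; in a real deployment the baseline would come from the identity provider's login logs and the "step_up_mfa" verdict would trigger a second-factor prompt before the SSO session is issued.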
Proper security measures, regular maintenance, and user education can significantly mitigate the risks of SSO, making it a valuable tool for many financial institutions. But it must always be deployed with caution and with the proper security steps in place.
About the Author:
Dotan Nahum is the Head of Developer-First Security at Check Point Software Technologies. Dotan was the co-founder and CEO at Spectralops (https://spectralops.io), which was acquired by Check Point Software. Dotan is an experienced hands-on technological guru & code ninja and a major open-source contributor, with high expertise in React, Node.js, Go, React Native, distributed systems and infrastructure (Hadoop, Spark, Docker, AWS, etc.).