Password Sync or SSO?

I’m wondering why organizations are still doing password sync over disparate systems rather than Single Sign On (SSO)?

It seems to me that you’re looking at equal amounts of effort in either case, whether you distribute passwords via Sync or set up an SSO solution. SSO provides a much better degree of security, since even if a password gets hacked, you’re not getting the keys to the kingdom.

What makes this even more worrisome is that, given the way Password Sync works, some systems are easier to hack than others: an attacker simply works on the repository that has the easiest policy. Invariably this is a mainframe or legacy app that won’t accept mixed case, special or numeric characters. Even a long password’s benefits are rendered moot in these circumstances.
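To put numbers on the weakest-repository effect, here is an added example (not from the original post) that computes the policy a synced password must satisfy across all repositories and the resulting keyspace. The two policies, their names, and their length limits are constructed assumptions for illustration.

```python
import math
import string
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str
    alphabet: frozenset      # characters the repository accepts
    max_len: int             # longest password it will store
    case_sensitive: bool = True

def effective_policy(policies):
    """Policy a synced password must satisfy: it has to be accepted everywhere."""
    alphabet = frozenset.intersection(*(p.alphabet for p in policies))
    case_sensitive = all(p.case_sensitive for p in policies)
    if not case_sensitive:
        # Upper and lower case compare equal on at least one repository,
        # so each letter pair counts as a single symbol there.
        alphabet = frozenset(c.upper() for c in alphabet)
    max_len = min(p.max_len for p in policies)
    return Policy("synced", alphabet, max_len, case_sensitive)

def keyspace_bits(policy, length=None):
    """log2 of the number of distinct passwords of the given (or maximum) length."""
    n = min(length or policy.max_len, policy.max_len)
    return n * math.log2(len(policy.alphabet))

# Constructed sample policies (assumptions, not taken from any real product).
DIRECTORY = Policy(
    "directory",
    frozenset(string.ascii_letters + string.digits + string.punctuation),
    max_len=64,
)
LEGACY = Policy(
    "legacy-mainframe",
    frozenset(string.ascii_letters),   # no digits, no special characters
    max_len=8,                         # assumed limit for the legacy system
    case_sensitive=False,              # no mixed case
)

if __name__ == "__main__":
    synced = effective_policy([DIRECTORY, LEGACY])
    print(f"directory alone, 16 chars: {keyspace_bits(DIRECTORY, 16):.1f} bits")
    print(f"synced, {synced.max_len} chars, {len(synced.alphabet)} symbols: "
          f"{keyspace_bits(synced):.1f} bits")
```

Run against a real inventory of repository policies, the synced figure is the one to compare with the organization's stated password standard.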
