Maggie Radtke 08.19.2021 3 min read

Improving Security with SSO and MFA

Usernames and passwords are the foundation of almost every application we use and every network we access. But simply entering your username and password is no longer enough to prevent hackers from getting in. 

As cyber threats become more complex, companies need to adapt. Implementing single sign-on (SSO) and multi-factor authentication (MFA) is a fairly easy way to do that.

To protect both your employees and your organization, Huntress highly recommends implementing both SSO and MFA. When combined, SSO can help limit employee frustration and increase password strength, while MFA allows for verification of user identity prior to them logging into any application or network you want to maintain tight control over.

Let’s dive into each and see what makes the SSO + MFA combo so strong.

What is Single Sign-On?

Single sign-on, or SSO, is when applications or websites allow a person to log in using an already trusted third party to verify that the user is who they say they are. 

You’ve probably encountered this before. Most sites today offer the option to log in with Google or another trusted account.

Slack SSO exampleHubSpot SSO example

 

 

 

 

 

 

 

 

 

 

 

3 Reasons to Implement SSO:

1. It can provide a less frustrating and more streamlined experience for users. With SSO, users can access multiple services without pausing to enter new credentials or guess which credentials are for which site.

2. You can significantly increase the strength of user passwords because people only have to remember a single (hopefully complex) password, creating fewer opportunities for a password to be lost, stolen or reused.

3. SSO decreases administrative and IT costs because less time will be spent resetting passwords—buying back more time that can be spent on more strategic tasks or projects.

What is Multi-Factor Authentication?

Multi-factor authentication, or MFA for short, is an authentication method that requires users to provide two or more verification factors before granting access. 

Rather than just asking for a username and password, MFA requires additional verification factors, which decreases the likelihood of a successful cyberattack. These factors can include knowledge (something only the user knows), possession (something only the user has) or inherence (something only the user is).

MFA requires additional verification factors

3 Reasons to Implement MFA:

1. Over 80% of data breaches caused by hacking in 2019 involved brute force or the use of stolen or lost credentials. Systems with simple username-and-password combinations are hacked at an alarming rate, causing them to be incredibly vulnerable.

2. If passwords are stolen but MFA is enabled, the thief won’t be able to penetrate the system without the additional authentication needed to access the account.

3. There are several ways to implement MFA, allowing you to make the best decision for your employees and your IT environments.

Why You Should Use Both MFA and SSO

Implementing both allows organizations to improve security without creating a completely crappy experience for their users, while also making it easier to monitor network activity.

Let’s face it: passwords are a vulnerability. It’s tough for people to remember the complex, multi-character passwords that almost every application requires today. So wouldn’t it be so much easier to remember just one? One solid, complex and hard-to-guess passphrase that is.

With SSO, that one passphrase is all a user has to remember. But of course, SSO means fewer potential entry points for hackers—and once they’ve cracked the code, the doors have opened to all the user’s other accounts and applications. This is why requiring an additional authentication layer with MFA is so important.

Cybersecurity is a challenge for IT departments across all industries. Not only are expectations getting higher, but the workforce is also evolving with new technologies and an ever-expanding global ecosystem. That means the risks are high as well. But combining SSO and MFA allows you to have a bit more peace of mind while protecting your organization or managed environments.

At Huntress, we’re acutely aware of how hackers are getting smarter and evolving their tradecraft. So, we need to ensure that we’re implementing changes to make it that much harder for attackers to access an application or network. That’s why the Huntress platform is enabled for both multi-factor authentication (MFA) and two-factor authentication (2FA).

If you’d like to learn more about enforcing MFA and 2FA, read our support article here

Start your Huntress trial

avatar

Maggie Radtke

Perpetual Learner. Travel Enthusiast. Head of Product Marketing & Partner Enablement at Huntress.