What are Multi-Factor Authentication (MFA) and Single Sign On (SSO)?

17 April 2020

… and how do you get the best of both worlds?

Traditional passwords are a serious threat to IT security. People may reuse or share their logon details, and cyber criminals are busy trying to steal them.

As your IT systems become more complex, authentication mechanisms become even more important. Multi-Factor Authentication (MFA) and Single Sign On (SSO) are mechanisms to ensure your identity and access management setup is secure. In this article we explore the features and flaws of MFA and SSO and explain how you can get the best of both worlds by combining them.

What is Multi-Factor Authentication (MFA)?

“MFA relies on the user’s normal credentials and at least one other item of information.”

Probably one of the most secure logon technologies, MFA relies on the user’s normal credentials and at least one other item of information. In many consumer apps, the secondary authentication is provided by a short code that is sent via SMS to the user’s mobile phone.

This means that even if the username and password are stolen, hackers cannot use the credentials without also stealing the second authentication – and that is much harder to accomplish.

Security can be further increased by adding more layers of authentication, such as smartcards and biometrics, but this exposes the problem with MFA: user experience. Waiting for secondary authentication can be slow and cumbersome, and sometimes confusing for less tech-savvy users – especially when they have to use MFA to log into many different systems throughout the day.

What is Single Sign On (SSO)?

SSO solutions are designed to address the problem of password proliferation. Instead of having to supply credentials to every application, people log on once with a master password; the SSO system then takes care of all further authentication requirements during that session.

Obviously end users love SSO – they only have to remember one password. SSO is also quick and seamless in operation, allowing users to transition between applications quickly.

However, if a user’s master password is compromised, the security implications are massive. Now cybercriminals can access multiple systems, allowing them to steal large amounts of your most sensitive data. Clearly your IT team needs to carefully consider those risks before deploying SSO.


Combining MFA and SSO to get the best of both worlds

Ultimately the optimal solution is to combine MFA and SSO to increase perimeter security while simplifying authentication throughout the rest of the day. For instance, US government bodies use a PIN-protected smart card reader attached to their computers; once the card is attached and authenticated during initial login, SSO takes over and allows the user to navigate between applications and platforms without requiring further authentication.

Smart cards are just one way to approach the challenge of enabling an authentication system that is secure yet user-friendly. For consumer-facing applications it may be preferable to use the biometrics built into people’s smartphones for initial logon. Because people must first log in to their phone and again into your app – both times with a PIN, fingerprint or face scan – you are bringing MFA into play.

How your business decides to implement or improve authentication and security will depend on the specifics of your environment. There are several ways to combine MFA and SSO to create a seamless, secure authentication system.
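The combination described above, as an added illustration that is not code from the article or from Condatis: one MFA-gated logon (password plus a time-based one-time code, RFC 6238 TOTP) at an identity provider, which then issues a signed, expiring session token that every application accepts instead of prompting for credentials again. User names, passwords, key material and the token format are constructed for the demo; a real deployment would use a standards-based token such as SAML or OIDC rather than this hand-rolled one.

```python
import hashlib
import hmac
import secrets
import struct
from typing import Optional

# Constructed in-memory user store (assumption for the demo, not a real directory).
USERS = {}

def register(username: str, password: str) -> bytes:
    """Create a user with a salted password hash and a fresh TOTP secret.
    Returns the TOTP secret so it can be provisioned to the user's authenticator app."""
    salt = secrets.token_bytes(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    totp_secret = secrets.token_bytes(20)
    USERS[username] = {"salt": salt, "pw_hash": pw_hash, "totp_secret": totp_secret}
    return totp_secret

def totp(secret: bytes, timestamp: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, then dynamic truncation."""
    counter = int(timestamp) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"

def check_password(username: str, password: str) -> bool:
    """First factor: something the user knows."""
    user = USERS.get(username)
    if user is None:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], 200_000)
    return hmac.compare_digest(candidate, user["pw_hash"])

def check_totp(username: str, code: str, now: float) -> bool:
    """Second factor: something the user has (the device holding the TOTP secret).
    The current step and one step either side are accepted to tolerate clock drift."""
    user = USERS.get(username)
    if user is None:
        return False
    return any(
        hmac.compare_digest(totp(user["totp_secret"], now + drift), code)
        for drift in (-30, 0, 30)
    )

# SSO side: the identity provider's signing key and session lifetime (constructed values).
SESSION_KEY = secrets.token_bytes(32)
SESSION_TTL = 8 * 3600  # one working day, after which the user must log on again

def login(username: str, password: str, code: str, now: float) -> Optional[str]:
    """Both factors must pass before any session token is issued; a stolen
    password alone yields nothing."""
    if not (check_password(username, password) and check_totp(username, code, now)):
        return None
    expiry = int(now) + SESSION_TTL
    payload = f"{username}|{expiry}"
    sig = hmac.new(SESSION_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{sig}"

def access(token: str, now: float) -> Optional[str]:
    """What each application does: verify the token's signature and expiry and
    trust the identity inside it, without re-prompting for credentials.
    Returns the user name on success, None otherwise."""
    try:
        username, expiry, sig = token.split("|")
    except ValueError:
        return None
    payload = f"{username}|{expiry}"
    expected = hmac.new(SESSION_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return None
    if int(now) >= int(expiry):
        return None  # expired: the user must go through MFA again
    return username

if __name__ == "__main__":
    secret = register("alice", "correct horse battery staple")
    now = 1_700_000_000
    token = login("alice", "correct horse battery staple", totp(secret, now), now)
    # The same token opens "mail" and "crm" alike; password-only attempts are refused.
    print("mail:", access(token, now), "crm:", access(token, now + 60))
    print("password only:", login("alice", "correct horse battery staple", "000000", now))
```

The perimeter is the `login` call: that is the one place both factors are demanded. Everything after it rides on the token, so the token's lifetime and signing key are what an operator should tune and protect; shortening `SESSION_TTL` trades some of SSO's convenience back for a smaller window if the token is stolen.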


Your authentication is in safe hands with Condatis

Having worked with a variety of global organisations on identity and access management solutions, our team of specialists is on hand to provide consultancy and development services tailored to your situation.

Understanding that different scenarios require different approaches, we will work with you to build solutions that are quick, secure and user-friendly.

For instance, we offer an “Identity Health Check” consultancy service, in which we:

  • Analyse customer identity data stores
  • Assess identity data store security (fit for purpose)
  • Map the (as-is) customer experience journey
  • Map application access by level of risk
  • Establish a Trust Framework model
  • Map the (to-be) customer experience journey
  • Create the plan to succeed (build plan)
  • Establish the baseline analytics you need to measure success

If this sounds interesting, please give us a call or email to learn more about your options.


Ready to implement Single Sign On (SSO) and Multi-Factor Authentication (MFA) at scale?

Speak to the Condatis team to implement secure authentication methods that keep your data safe.