Enterprises are putting too much faith in Single Sign-On, which is making breaches worse

News
By published

Putting too much faith in SSO could be fatal for some businesses

Hooded script kiddie taking laptop out of suitcase, prepared to launch DDoS attack. Close up shot of scammer at computer desk getting notebook from bag, starting work on malware script, camera B
(Image credit: Shutterstock / DC Studio)

Single sign-on (SSO) provides a quick and easy means of access across many applications by using a single set of login credentials, and helps employees save time by removing the need to log in to each individual account and removing the need for a password manager.

However, security researchers at Doyensec, in collaboration with Teleport, have found enterprises are becoming over reliant on SSO, and are failing to put in place additional layers of security between SSO and the applications they access.

For attackers, SSO can be a gold mine for infiltrating an organization, making companies reliant on the technology an attractive target for attackers.

 Convenience is putting businesses at risk

In testing performed by the researchers against Azure Active Directory, Entra ID, Google Workspace, Github and Okta, they found that attackers use a wide range of techniques to gain access to an Identity Provider (IdP), including password spraying, access token leakage, prompt-bombing, spear phishing, social engineering, employee bribing, credential stuffing and session hijacking.

“No SSO provider should be assumed to be secure,” Ev Kontsevoy, CEO at Teleport said. “With SSO, if one individual’s identity is compromised, you could be handing over the master key to the castle. SSO does offer considerable convenience, but unauthorized access to one individual’s credentials exposes every platform and service for which that individual has privileges. Without additional defense in place, SSO by itself does not thwart identity-based attacks.”

IDP Threat Vector Tree

(Image credit: Doyensec / Teleport)

A successful attack against an IdP provider, especially if it goes undetected, can result in user impersonation, theft of sensitive company and user data, and the creation of new credentials for malicious use.

In order to mitigate the threats presented by compromised IdPs, the researchers recommend operating on a defense-in-depth model by layering phishing-resistant MFA-based features, access requests and dual authorization to enforce principles of least privilege, and putting mandatory MFA enrollment in place to make it more difficult for attackers to breach systems and move laterally.

“What’s clear is that vulnerabilities in SSO and IdP platforms can have catastrophic impacts,” Luca Carettoni, CEO at Doyensec said. “Applying a defense-in-depth security layer on top of service providers can significantly limit the outcomes of a successful SSO provider compromise and reduce the impact against the protected infrastructure. The configuration of the defense-in-depth layer is extremely important to a company’s overall defense posture.”

More from TechRadar Pro

Benedict Collins
Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.

Read more
An abstract image of a lock against a digital background, denoting cybersecurity.
Building a resilient workforce security strategy
Security padlock in circuit board, digital encryption concept
MFA alone won’t protect you in 2025: the new cybersecurity imperative
Best email services: image of email with one unread message alert
Over 400 million unwanted and malicious emails were received by businesses in 2024
API
Businesses are being plagued by API security risks - with nearly 99% affected
Shadowed hands on a digital background reaching for a login prompt.
A flaw in Google OAuth system is exposing millions of users via abandoned accounts
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Microsoft authentication system spoofed via phishing attack
Latest in Pro
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
AI quantization
What is AI quantization?
US flags
US government IT contracts set to be centralized in new Trump order
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Google Gemini AI
Gmail is adding a new Gemini AI tool to help smarten up your work emails
Latest in News
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Cassian Andor looking nervously over his shoulder in Andor season 2
New Andor season 2 trailer has got Star Wars fans asking the same question – and it includes an ominous call back to Rogue One's official teaser
Ncuti Gatwa as The Fifteenth Doctor in Doctor Who
Disney+ drops new trailer for Doctor Who season 2 that promises an epic adventure across time and space
23andMe
23andMe is bankrupt and about to sell your DNA, here's how to stop that from happening
A phone showing a ChatGPT app error message
ChatGPT was down for many – here's what happened
AirPods Max with USB-C in every color
Apple's AirPods Max with USB-C will get lossless audio in April, but you'll need to go wired
More about pro
AI quantization

What is AI quantization?
An abstract image of digital security.

Fake file converters are stealing info, pushing ransomware, FBI warns
Dell Pro Max with GB300

HP and Dell's latest Nvidia powered PCs are likely to be some of the most expensive workstations ever launched
See more latest
Most Popular
Dell Pro Max with GB300
HP and Dell's latest Nvidia powered PCs are likely to be some of the most expensive workstations ever launched
Shape of Russia filled with Russian flag-colored internet codes on a black hacking background
A new wave of blocks in Russia targets VPN apps and Cloudflare subnets
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Ncuti Gatwa as The Fifteenth Doctor in Doctor Who
Disney+ drops new trailer for Doctor Who season 2 that promises an epic adventure across time and space
Cassian Andor looking nervously over his shoulder in Andor season 2
New Andor season 2 trailer has got Star Wars fans asking the same question – and it includes an ominous call back to Rogue One's official teaser
23andMe
23andMe is bankrupt and about to sell your DNA, here's how to stop that from happening
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
A screenshot from Indiana Jones and the Great Circle showing Indiana Jones
Indiana Jones and the Great Circle finally gets PS5 release date and I can't wait to don the fedora and crack the whip