Hello, SSO. It’s me, authentication

June 8, 2015

There’s a secret that single sign-on (SSO) never talks about. It’s called authentication.

The SSO conversation starts without mentioning the assumption that the user is already logged in. A login that requires a password. Instead, SSO is quickly positioned to triumph over the dangers of weak and reused passwords.

Many times, however, those same suspect passwords are the ones used for the initial authentication into the SSO environment.

Authentication is actually SSO’s most critical gatekeeper for a user’s identity. If the authentication password is stolen, all the user’s identities associated with that federated service are exposed.

Password policies, crazy character composition guidelines, and x-day expiration dates are the techniques enterprises typically use, with varying degrees of success, to get users to create passwords deemed strong enough for authentication to the SSO environment.

It’s within this scenario that Yubico has entered into a partnership with Ping Identity, a leader in the SSO and federation ecosystem, to create strong two-factor authentication for those critical and initial logins.

The one-time password (OTP) functionality of the YubiKey is integrated into PingID, a multi-factor authentication engine within the company’s flagship cloud identity service, PingOne.

So even if a user’s password is phished or stolen, a hacker is unable to access the user’s SSO environment without also having the user’s physical YubiKey. In addition, the YubiKey is not vulnerable to man-in-the-middle attacks that plague SMS phone-code solutions.

PingOne users now have the option to add hardware-based, two-factor authentication to secure primary logins to Ping Identity’s cloud SSO environment. There are plans to integrate YubiKeys with other components of Ping Identity’s recently unveiled Identity Defined Platform, which includes PingFederate and PingAccess. Soon privileged accounts in the Ping Identity environment also will be covered under this OTP security blanket, further protecting specific enterprise accounts.

The USB-based YubiKey is one-touch protection for all applications protected by SSO and federation. It’s a hardware authenticator that doesn’t require a battery or the installation of any client software. By design, nothing can be written to the YubiKey, so malware can’t be loaded onto it.

Support for OTP is included on the YubiKey Standard and Nano, YubiKey Edge and Edge-n, and the YubiKey NEO and NEO-n.

In addition, the YubiKey is not a single-purpose device. Both the YubiKey Edge and YubiKey NEO offer support for multiple authentication options, including the FIDO Alliance’s U2F protocol. The YubiKey NEO and YubiKey NEO-n have other capabilities such as a PIV-compliant CCID smart card and OpenPGP (for code signing, etc.). The YubiKey NEO also supports NFC for logging on to mobile applications.
