Week 9 Blog: Single-Sign-on Authentications

 

I have the opportunity to learn about a new authentication method for the very first time, so I have decided to use this blog post to explain as many details about it as possible. The authentication method of which I am speaking is none other than Single Sign-On authentication. First, before going any further, “authentication is a process usually managed by a server that proves the identity of a client (which could be a user, service, or application) and determines whether that client is allowed to access a secured system.” To validate the identity of any client, there must be some kind of “directory service” in place to manage the database of account information associated with the client: “usernames, passwords, and other authentication credentials.”

Authentication

In addition to authentication, there must be an effective password policy in place to prevent users from compromising their credentials through poor use of passwords. One way of increasing the “security of user authentication is through a well-designed” and established “password policy.”

Password Policies

The purpose of a password policy is to require a password to meet certain requirements like the following:

1. Complexity – the complexity requirement makes users combine different types of characters, such as upper and lowercase letters, numbers, and non-alphanumeric characters.

2. Length – any cybersecurity expert will validate the importance of a password policy that requires passwords to meet certain length requirements.

3. Expiration – part of implementing password requirements is to have users change their password after a certain period. This requirement increases password resistance against hacking. Implementing a policy that prevents users from reusing previous passwords is imperative because users have the habit of reusing their previous passwords.

4. Lockout – the purpose of configuring this requirement into a password policy is to have the system automatically lock a user account after the allowed number of sign-in attempts has been reached. Making multiple attempts at entering a password is one of the various ways cybercriminals can break into accounts.
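The four requirements above can be enforced together in a small policy check. This is an added example, not code from the original post or the cited textbook; the thresholds, the `Account` class and its method names are assumptions chosen for illustration.

```python
import hashlib, hmac, os, re
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# All thresholds are assumed sample values, not taken from the post.
MIN_LENGTH, MAX_AGE = 12, timedelta(days=90)
HISTORY_DEPTH, MAX_FAILURES = 5, 5
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")

def _hash(password: str, salt: bytes) -> bytes:
    # Store salted, slow hashes so the history never holds plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Account:
    history: list = field(default_factory=list)  # (salt, hash), newest last
    changed_at: datetime = datetime.min
    failures: int = 0

    def _matches(self, password, entry):
        salt, digest = entry
        return hmac.compare_digest(_hash(password, salt), digest)

    def violations(self, password):
        """Return the policy rules a candidate password breaks."""
        found = []
        if len(password) < MIN_LENGTH:
            found.append("length")
        if not all(re.search(c, password) for c in CLASSES):
            found.append("complexity")
        if any(self._matches(password, e) for e in self.history[-HISTORY_DEPTH:]):
            found.append("reuse")
        return found

    def set_password(self, password, now):
        problems = self.violations(password)
        if not problems:  # accept only a fully compliant password
            salt = os.urandom(16)
            self.history.append((salt, _hash(password, salt)))
            self.changed_at, self.failures = now, 0
        return problems

    def sign_in(self, password, now):
        if self.failures >= MAX_FAILURES:  # lockout holds even for the right password
            return "locked"
        if not self.history or not self._matches(password, self.history[-1]):
            self.failures += 1
            return "locked" if self.failures >= MAX_FAILURES else "denied"
        self.failures = 0
        return "expired" if now - self.changed_at > MAX_AGE else "ok"
```

Unlocking an account (by an administrator or after a timeout) is left out; in this sketch only a successful `set_password` resets the failure counter.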

Single Sign-On

That said, security is always difficult to fully accomplish, especially when it comes to “convenience and safety.” As security is increased for the purpose of locking “down a resource,” the likelihood of decreasing convenience rises. If you implement security measures that are just too inconvenient, the average user will not welcome them and will attempt to find an avenue around the security protocol. On the other hand, resources become insecure if you decide to make security convenient for users. The answer to implementing good security is to find and effectively utilize “tools that increase both convenience (so people will use them correctly) and safety (so they keep your resources secure) and avoid sacrificing safety to increase convenience.” Single Sign-On is a security method aimed at this problem; however, single sign-on does not completely solve the “conundrum.” Single Sign-On technology prevents the user from having to create more than one account. Google used single sign-on technology to reduce the burden of having to memorize too many passwords for many different accounts. For example, when a user is in the process of creating an account for Facebook, LinkedIn, or many other platforms, the user will be provided with an option to sign in with Google, if the user already has a Google account.

 

 

 

Reference:

West, Jill. (2023). CompTIA Cloud+ Guide to Cloud Computing (pp. 267-270). Kindle Edition. Retrieved: November 6, 2023.
