Skip to content

Single Sign-On: What it is and how it works

Nowadays, single sign-on (SSO) authentication is required more than ever. Many websites offer users the option to sign up with Google, Apple, or any other service. Chances are you have logged in to something via single sign-on today or at least this week. But do you know what it is, how it works, and why it’s used? Take a deep dive into the world of single sign-on and all things related to it.

What is SSO?

Single sign-on is a session and user authentication service that allows the user to use a single set of login credentials – namely, a username and password – to access multiple websites or applications. Put plainly, SSO allows users to sign up and access a variety of online accounts with a single username and password, thus making things a lot easier for the everyday user. SSO’s primary use is as an identification system that permits websites and apps to use the data of other trusted sites to verify a user upon login or sign-up.

Essentially, SSO puts an end to the days of remembering and entering multiple passwords. An added bonus is that SSO gets users out of the vicious password reset loops.

Additionally, SSO can be great for business, as it improves productivity, security control, and management. With a single security token (a username and password), IT professionals can enable or disable a user’s access to multiple systems, which in some cases mitigates cybersecurity risks.

So, how does the magical service work?

How does SSO work?

Single sign-on is a component of a centralized electronic identity known as federated identity management (FIM). FIM, or Identity Federation, is a system that enables users to use the same verification method to access multiple applications and other resources on the web. FIM is responsible for a few essential processes:

  • Authentication

  • Authorization

  • User attributes exchange

  • User management

When we talk about SSO, it is important to understand that it is primarily related to the authentication part of the FIM system. It’s concerned with establishing the user’s identity and then sharing that information with each platform that requires that data.

Fancy jargon aside, here are the basic operational processes of single sign-on:

  • You enter a website.

  • You click “Sign In with Apple” or any other service.

  • The site opens Apple’s account login page.

  • If you’re already logged in, then it gives the site your data.

  • You are logged in to your Apple account.

  • Apple’s site verifies that you are authorized to access the site.

  • If you’re authorized, the site creates a session for you and logs you in.

In technical terms, when the user first signs in via an SSO service, the service creates an authentication cookie that remembers that the user is verified. An authentication cookie is a piece of code stored in the user’s browser or the SSO service’s servers. Next time the user logs in to that same app or website using SSO, the service then transfers the user’s authentication cookie to that platform, and the user is allowed to access it. It’s important to highlight that an SSO service doesn’t identify the exact user since it does not store user identities.

What is an SSO Token?

An SSO token is a digital unit that contains data about a particular user such as their email address. The token is used to transfer user information from one system to another during the single sign-on process. For the recipient to verify that the token comes from a trusted source, it has to be signed digitally.

The SSO service creates a token whenever a user signs in to it. The token works like a temporary ID card which helps identify an already verified user. This means that when the user tries to access a given app, the SSO service will need to pass the user’s authentication token to that app so they can be allowed in.

Password security for your business

Store, manage and share passwords.

Get NordPass Business

30-day money-back guarantee

Single-Sign-On Costs

Because many of the SSO solutions currently available on the market are cloud-based, most of them are offered in a monthly subscription model. The price of a cloud-driven SSO solution designed for small and mid-sized businesses can range from $1 to $10 per user per month.

However, those that want to get an SSO solution designed for a big enterprise will need to either pay more each month or make an entry fee. Enterprise-grade solutions are usually more wide-ranging and require vendors to customize them to each of their client’s needs and requirements. Hence, the price difference.

Is single sign-on secure?

Yes. An SSO protocol is secure when implemented and managed properly and used alongside other cybersecurity tools.

The main benefit introduced by single-sign on with regard to cybersecurity is that, because it allows using a single set of credentials for multiple services, there are fewer login details to be lost or stolen. As long as the server is secure and an organization’s access control policies are established, a malicious user or an attacker will have little to no chance to do any damage.

However, this benefit could also pose a certain kind of risk. Since SSO provides instant access to multiple accounts via a single endpoint, if a hacker gains access to an authenticated SSO account, they will also gain access to all the linked applications, websites, platforms, and other online environments.

This issue can be easily mitigated by implementing an additional layer of security known as Multi-Factor Authentication. Combining SSO with MFA allows service providers to verify users’ identity while giving them easy access to applications or online platforms.

The benefits of SSO

Reduced password fatigue

With SSO in place, users only have to remember one password, making life a lot easier. Password fatigue is real and dangerous. SSO encourages users to come up with a single strong password rather than using a simple one for each account separately. It also helps users escape the vicious cycle of password reset loops.

Increased employee and IT productivity

When deployed in a business setting, SSO can be a real time saver. According to a recent report, people waste 16.3 billion hours a year trying to remember, type, or reset passwords. In a business environment, every minute counts. Thanks to SSO, users don’t need to hop between multiple login URLs or reset passwords and can focus on the tasks at hand.

Enhanced user experience

One of the most valuable benefits of SSO is an improved user experience. Because repeated logins are not required, users can enjoy a digital experience with less hassle. This means that users will be less hesitant to use the service. For any commercial web-based service, SSO is an essential part of their user experience.

Centralized control of user access

SSO offers organizations centralized control over who has access to their systems. In a business setting, you can use SSO to grant new employees specific levels of access to different systems. You can also provide employees with a single set of credentials (username and passwords) to access all company systems.

Top single sign-on solutions

Microsoft Azure AD

Microsoft Azure AD includes Active Directory Federation Services (AD FS) as an option to support SSO. Azure AD also offers reporting, security analytics, and multi-factor authentication services. It’s perfectly suited for any company that uses the Microsoft Azure cloud platform, no matter its size.

Okta Identity Cloud

Okta is well-established in the world of SSO solutions. They are open-source SSO leaders because of their flexibility and ease of use. Okta offers customizable open identity management in real time according to business needs, as well as two-factor authentication and a password reset functionality. Okta can serve the needs of multiple industries, from education and nonprofits to financial services and the government.

OneLogin Unified Access Management Platform

OneLogin is an open-source SSO provider that is often used for employee access to the company’s cloud-based applications. OneLogin is suited for a variety of IT administrator needs since it is designed to enforce IT policy in real time. It can also be updated according to specific needs if any changes occur, such as an employee leaving.

Idaptive Application Services

Idaptive is primarily suited for small to medium-sized businesses. Idaptive is capable of providing support to many users at once, thanks to their new cloud architecture. The company also offers adaptive MFA, enterprise mobility management (EMM), and user behavior analytics (UBA) all in a single solution.

Ping Intelligent Identity Platform

Ping offers services to large enterprises. The solution can serve anywhere between a few hundred to a few million users. Ping provides both on-premises and cloud options for deploying their solution. Additionally, the service comes with multi-factor authentication.

Does NordPass provide SSO?

Yes, NordPass does provide a single sign-on authentication! It can be set up via NordPass Admin Panel for users who want to log in to the NordPass app with their Microsoft Azure, Google Workspace, or Okta credentials.

This means that if you turn on Microsoft Azure Active Directory (AD), Google Single Sign-On, or Okta Single Sign-On, and invite new members who use one of these SSOs, they will be allowed to login in using their Azure AD, Google, or Okta SSO credentials — it’s as simple as that.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

Storage Beyond Passwords: Securely Save Files in NordPass

Ever been in that awful situation where you’re going through old emails or disorganized folders trying to find that one crucial document? The insurance form, an e-copy of your ID, or even a video detailing how to get into your new office? Wouldn’t it be a game-changer if you had all your important files right next to your passwords, credit card information, or secure notes?

Good news! Today, we are excited to introduce File Attachments — a new and improved way to manage important files with NordPass.

Best for large file attachments

Here’s a quick rundown of how it works. As a NordPass Premium user, you now have the ability to attach files to your saved items in NordPass. It’s not just about enhancing organization. This feature also provides an unmatched level of security. Forget the hassle of disorganized unsafe file storage. Any attached files or documents will be as secure as your passwords thanks to our encrypted storage.

But we didn’t stop at mere functionality. NordPass Premium now provides a whopping 3GB of encrypted storage per account, a giant leap forward. That’s not just more — it’s three times more than any other password manager out there! We’re offering you unrivaled storage and advanced security — and that’s certainly what we call more bang for your buck!

NordPass — The best password manager for large file attachments.

– Attila Tomaschek

CNET

No strings attached (except your files)

With NordPass Premium’s File Attachments, you have the freedom to store documents of any type to one of your existing items. Whether it’s a simple JPEG, PDF, MP4, or DOC file — NordPass supports them all.

Supported file types

The new feature allows for files up to 50MB in size and up to 50 attachments per single item. The only limit is your 3GB storage per user — and that’s a whole lot of space for your files.

While we aim at maximizing convenience, your security is always our top priority. To ensure maximum protection, we currently do not support attaching files to shared items or sharing items with files attached.

You can learn more about how to attach files to your NordPass items in our handy help center article.

Streamline your digital life with NordPass

In the digital age, we often juggle tons of files, documents, and data, and that can lead to a disorganized and chaotic personal digital space. With our new File Attachments feature, we look to help you take back control and streamline your digital life by allowing you to save documents in a quick and efficient way

With NordPass Premium, you can now attach important files to all your saved items. Store any file in one secure place with 3GB encrypted storage.

Instant access

When you’re in a hurry, having quick access to your important documents can make all the difference. That’s where File Attachments shine. Need to view a copy of your ID or an important receipt? No problem! With File Attachments, all your vital images or documents are just a few clicks away.

Effortless downloads

It’s not just about attaching and storing your files along with your passwords. It’s also about being able to retrieve them whenever necessary. Suppose you’ve stored financial documents that you need to share with your spouse. With File Attachments, you can quickly and effortlessly download these files directly from NordPass.

Unprecedented control

The File Attachments feature isn’t just about adding another functionality to NordPass. It’s about giving you greater control over your digital life. You get to decide what files to attach, what items those files are attached to, and when to download or delete them. You can also organize your vault in a way that best suits your personal or professional needs.

A single secure place for files and passwords

Take your password manager experience to the next level with NordPass Premium. Don’t just manage your passwords, manage your life. No more scrambling for documents, no more disorganized files, and certainly no more compromised security.

Your life. Your files. One secure place. Start your NordPass Premium journey today and make the most of our File Attachments feature.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

23.3.9 ‘Voyager’ released

Changes compared to 23.3.8

Bug Fixes

  • Fix an issue with macOS devices failing to log in with an ERR_UNKNOWN_DEVICE error
  • Fix an issue with the Recent Activity and Policies pages not loading correctly when hard-refreshed or loaded directly via URL
  • Fix an issue with Comet default branding not presenting correctly following a server upgrade

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Comet
We are a team of dedicated professionals committed to developing reliable and secure backup solutions for MSP’s, Businesses and IT professionals. With over 10 years of experience in the industry, we understand the importance of having a reliable backup solution in place to protect your valuable data. That’s why we’ve developed a comprehensive suite of backup solutions that are easy to use, scalable and highly secure.

CyberLink FaceMe® facial recognition integrates with MediaTek’s Genio 700 IoT Platform to deliver a 6.5X performance boost

CyberLink (5203.TW), a leading manufacturer of AI facial recognition technologies, has strengthened its presence in the smart IoT market. The company has announced that its FaceMe® facial recognition engine has been integrated with MediaTek’s Genio 700 next-gen smart IoT platform, dramatically increasing AI performance.

While it continues to integrate with numerous other IoT platforms, CyberLink FaceMe® has significantly improved performance on MediaTek’s latest Genio 700 processors. Running on a Genio 700, the FaceMe® engine is accelerated by MediaTek’s AI Processing Unit (APU). Performance tests show that, in comparison to running exclusively via CPU processing, the APU hardware / software integration increases performance by 6.5X, with a 24% reduction in CPU usage.

The new MediaTek processor provides faster, more efficient and reliable AI facial recognition processing, meeting the complex, high-speed edge computing needs of smart retail and smart security and access control operations. “The strong alliance between CyberLink and MediaTek, with its Genio IoT products, will provide FaceMe® users with faster, more convenient, and powerful facial recognition edge computing products,” said Jau Huang, Chairman and CEO of CyberLink, “enhancing the security and dependability of deployed facial recognition services.”

MediaTek’s Genio 700 is a high-performance AI computing IoT platform. This system-on-chip (SoC) provides powerful CPU, GPU and AI modules, designed for smart home, smart retail and industrial IoT devices. By integrating the latest AI cores and accelerators, the Genio 700 greatly enhances the smart computing power of edge devices, and significantly increases the number of image frames that can be processed per second. MediaTek’s platform can also support real-time AI facial recognition from multiple simultaneous video streams, improving the identification efficiency for implementation scenarios such as smart retail, and access control.

CyberLink FaceMe® not only recognizes faces but can also identify gender, age, and emotions. These features enable the turnkey FaceMe® Smart Retail customer analytics solution to obtain insight into guest demographics, behaviours, and trends. FaceMe® Security strengthens on-site security, with a more complete intelligent security control system.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About CyberLink
Founded in 1996, CyberLink Corp. (5203.TW) is the world leader in multimedia software and AI facial recognition technology. CyberLink addresses the demands of consumer, commercial and education markets through a wide range of solutions, covering digital content creation, multimedia playback, video conferencing, live casting, mobile applications and AI facial recognition.  CyberLink has shipped several hundred million copies of its multimedia software and apps, including the award-winning PowerDirector, PhotoDirector, and PowerDVD.  With years of research in the fields of artificial intelligence and facial recognition, CyberLink has developed the FaceMe® Facial Recognition Engine. Powered by deep learning algorithms, FaceMe® delivers the reliable, high-precision, and real-time facial recognition that is critical to AIoT applications such as smart retail, smart security, and surveillance, smart city and smart home. For more information about CyberLink, please visit the official website at www.cyberlink.com

ESET Research reveals new analysis of AceCryptor: used by crimeware, it hits computers 10,000 times every month

  • ESET researchers publish details about a prevalent cryptor malware, AceCryptor, which operates as a cryptor-as-a-service used by tens of malware families.
  • AceCryptor samples are very prevalent worldwide because multiple threat actors are actively using the cryptor malware to spread packed malware in their campaigns.
  • During 2021 and 2022, ESET protected more than 80,000 customers affected by malware packed by AceCryptor.
  • Altogether, there have been 240,000 detections, including the same sample detected at multiple computers, and one computer being protected multiple times by ESET software. This amounts to over 10,000 hits every month.
  • Among the malware families found that used AceCryptor, one of the most prevalent was RedLine Stealer – malware used to steal credit card credentials and sensitive data, upload and download files, and even steal cryptocurrency.
  • AceCryptor is heavily obfuscated and has multiple variants, and throughout the years, has incorporated many techniques to avoid detection.

BRATISLAVA — May 25, 2023 — ESET researchers revealed today details about a prevalent cryptor malware, AceCryptor, which operates as a cryptor-as-a-service used by tens of malware families. This threat has been around since 2016, and has been distributed worldwide, with multiple threat actors actively using it to spread packed malware in their campaigns. During 2021 and 2022, ESET telemetry detected over 240,000 detection hits of this malware, which amounts to over 10,000 hits every month. It is likely sold on dark web or underground forums, and tens of different malware families have used the services of this malware. Many rely on this cryptor as their main protection against static detections.

“For malware authors, protecting their creations against detection is challenging. Cryptors are the first layer of defense for malware that gets distributed. Even though threat actors can create and maintain their own custom cryptors, for crimeware threat actors, it often may be time-consuming or technically difficult to maintain their cryptor in a fully undetectable state. Demand for such protection has created multiple cryptor-as-a-service options that pack malware,” says ESET researcher Jakub Kaloč, who analyzed AceCryptor.

Among the malware families found that used AceCryptor, one of the most prevalent was RedLine Stealer – malware available for purchase on underground forums and used to steal credit card credentials and other sensitive data, upload and download files, and even steal cryptocurrency. RedLine Stealer was first seen in Q1 2022; distributors have used AceCryptor since then, and continue to do so. “Thus, being able to reliably detect AceCryptor not only helps us with visibility into new emerging threats, but also with monitoring the activities of threat actors,” explains Kaloč.

During 2021 and 2022, ESET protected more than 80,000 customers affected by malware packed by AceCryptor. Altogether, there have been 240,000 detections, including the same sample detected at multiple computers, and one computer being protected multiple times by ESET software. AceCryptor is heavily obfuscated and has incorporated many techniques to avoid detection throughout the years. “Even though we don’t know the exact pricing of this service, with this number of detections, we assume that the gains to the AceCryptor authors aren’t negligible,” theorizes Kaloč.

Because AceCryptor is used by multiple threat actors, malware packed by it is distributed in multiple ways. According to ESET telemetry, devices were exposed to AceCryptor-packed malware mainly via trojanized installers of pirated software, or spam emails containing malicious attachments. Another way someone may be exposed is via other malware that downloaded new malware protected by AceCryptor. An example is the Amadey botnet, which we have observed downloading an AceCryptor-packed RedLine Stealer.

Since many threat actors use the malware, anyone can be affected. Because of the diversity of packed malware, it is difficult to estimate how severe the consequences are for a compromised victim. AceCryptor may have been dropped by other malware, already running on a victim’s machine, or, if the victim got directly afflicted by, for example, opening a malicious email attachment, any malware inside might have downloaded additional malware; thus, many malware families may be present simultaneously. AceCryptor has multiple variants and currently uses a multistage, three-layer architecture.

Even though attribution of AceCryptor to a particular threat actor is not possible for now, ESET Research expects that AceCryptor will continue to be widely used. Closer monitoring will help prevent and discover new campaigns of malware families packed with this cryptor.

For more technical information about AceCryptor, check out the blogpost “Shedding light on AceCryptor and its operation” on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

Heatmap of countries affected by AceCryptor according to ESET telemetry

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

×