Single Sign-On: Is it Really Safe?

13/04/2019 09:12:34
Nothing pleases us more than instant gratification. Just think about your own browsing habits. As a member of the Xennial generation (It’s a thing! Look it up HERE!), I remember waiting for at least 4 minutes for my computer to dial up the internet and up to a minute – and sometimes more – for a page to load. Statistics show that now, 47% of consumers demand that their chosen website load in under 2 seconds while 40% of us (don’t pretend this isn’t you) will totally give up on any website that takes more than 3 seconds to load. If there’s one sub-section of the web that people wait for or reload over and over until it works – it’s social media. According to Smart Insights, of the population of the world (7.593 billion just in case you were wondering), there are 4.021B internet users, 3.196B active social media users and 2.958B active mobile social media users.

Now consider that social media sites are increasingly used to help you sign into third-party sites. I won’t pretend I’m not relieved when I don’t need to enter all my details into a new site to get to the information or entertainment I want. When there is an option of migrating my information or signing into a new site through one of my preferred social media sites, I breathe a sigh of relief. This sigh of relief might be my last gasp according to the Sangfor Security Team who recently analyzed 50 top global social media sites and discovered single sign-on vulnerabilities in at least 11 of them.

“How safe is this?” might cross our minds for a moment, but most people (we’d guess around 40-47% of us) just want our pages to load, applications to work and information to be at our fingertips immediately. The security flaw in OAuth and OpenID allows attackers to take advantage of the digital space in between your trusted social media page (like Facebook, Twitter or Google) and the new page or application you hope to access, redirecting you and your personal information to a malicious website or application designed to harvest that information for their own evil purposes.
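The gap described above sits in how the sign-in provider decides where to send the user back to. As an added example (not Sangfor's code or any provider's), the sketch below compares a loose domain-suffix check with exact matching against registered callbacks and audits a few constructed authorization requests; the client ID, hostnames and function names are all hypothetical.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed registration data for a hypothetical client "demo-client".
REGISTERED = {"demo-client": {"https://app.example.com/oauth/callback"}}

def weak_check(redirect_uri):
    """Domain-suffix check: the loose validation that leaves the gap open."""
    try:
        host = urlsplit(redirect_uri).hostname or ""
    except ValueError:
        return False
    return host.endswith("example.com")

def strict_check(client_id, redirect_uri):
    """Exact string match against the callbacks registered for this client."""
    return redirect_uri in REGISTERED.get(client_id, set())

def audit(authorize_urls):
    """Return (redirect_uri, accepted_by_weak_check) for every request
    that exact matching rejects."""
    findings = []
    for url in authorize_urls:
        query = parse_qs(urlsplit(url).query)
        client_id = query.get("client_id", [""])[0]
        redirect_uri = query.get("redirect_uri", [""])[0]
        if not strict_check(client_id, redirect_uri):
            findings.append((redirect_uri, weak_check(redirect_uri)))
    return findings

def authorize_url(redirect_uri, client_id="demo-client"):
    """Build a constructed authorization request to a hypothetical provider."""
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri}
    return "https://idp.example.net/authorize?" + urlencode(params)

# Constructed sample requests: one registered callback, four that are not.
SAMPLE_REQUESTS = [authorize_url(u) for u in (
    "https://app.example.com/oauth/callback",
    "https://app.example.com/redirect?next=https://other.invalid/",
    "https://notexample.com/oauth/callback",
    "http://app.example.com/oauth/callback",
    "https://app.example.com.other.invalid/oauth/callback",
)]

if __name__ == "__main__":
    for uri, weak_ok in audit(SAMPLE_REQUESTS):
        print(f"rejected by exact match, weak check says {weak_ok}: {uri}")
```

Three of the four rejected callbacks pass the suffix check, which is why providers and client applications should compare the full callback URL against the registered value.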

So what can you do to protect your information (or, in the case of many of our readers, your company information) from falling into that gap? Many companies are implementing simple but somewhat benign disclaimer policies warning of the dangers, but as we’ve seen from the statistics, instant digital gratification is very important to almost half of all internet users. Some companies have been blocking the use of single sign-on through the use of proxy servers or next generation firewalls like Sangfor’s NGAF.

About Sangfor Technologies:
Sangfor has done the research. With 20% of Sangfor’s total revenue dedicated exclusively to R&D, our Security Team, researchers and products are up to the task of protecting you and your information. Check out our website www.sangfor.com for more information on how you can optimize your network (and please all those instant gratification fans out there), protect yourself and stay cutting-edge.

Founded in 2000 and a publicly traded company as of 2018 (SANGFOR STOCK CODE: 300454 (CH)), Sangfor Technologies is the leading global vendor of IT infrastructure solutions specializing in Cloud Computing and Network Security.

