What is single sign-on (SSO)?
Single sign-on (SSO) is an identification system that allows websites to use other, trusted sites to verify users. This frees businesses from the need to hold passwords in their databases, cuts down on login troubleshooting, and decreases the damage a hack can cause. SSO systems work sort of like ID cards.
How does SSO work?
1. As a user, you hit an intermittent page on website.com that checks to see if you’re already logged in. If you are, it runs you off to whatever you really wanted, your Gmail inbox, for instance.
2. If you’re not already logged in, you’re presented with a login screen.
3. You drop your email and password in the form, website.com checks those credentials against its database, and then you’re either logged in or rejected.
4. If you’re logged in, website.com will issue some sort of tracker. This could be on the server, or it could be sent over to you as a token. In a true SSO system, you’ll just cruise around from site to site with full access.
The benefits for users
There are a few main benefits for users who interact with SSO.
Convenience:Users only need to remember one set of login details. By connecting your site to their logins at Google, you ensure that even sporadic users can remember how to log in; they just log in to Google.
Transparency:Users know what’s being shared from one system to another, at least in a delegated system. It’s like when you install a new app on your phone, and it asks for permission to access your photos, contacts, and bank account. If you’re not happy with those options, you can opt out.
Speed: With SSO, users don’t have to go through lengthy sign-up and verification processes. Because Facebook has already done all the email verification and data collection, new users can sign up as quickly as they can log into Facebook.
Security:Users also get the peace of mind that comes from knowing that website owner doesn’t have their password stored in plain text somewhere out in the internet backwater. Facebook continues to be the main point of trust, which allows the user to try new things without fear.
The benefits for your business
That’s great news for your users, but what’s in it for you, the website owner?
More user sign-ups. SSO provides a lower barrier to entry, so new customers can sign up easily and securely, by relying on a known brand. Facebook is managing the process, so they don’t worry about your unknown system and brand. Trust is increased, which increases conversions.
Less work on the back end. Meaning, you won’t have to worry with managing passwords. While reducing your hack risk the next point, is important not having to reset people’s passwords every five minutes. All the authentication and password heavy-lifting is managed by the trusted authenticator.
Reduced risk. Finally, you’re removing that tempting pie from the windowsill. Hackers have less incentive to hit your site if you don’t host a ton of login details. You’re also less likely to have a bunch of users with horribly weak passwords poking holes in your site’s overall security.