New research analyzes exposed single sign-on credentials for public companies in 2022.
A look at the risk of stolen single sign-on credentials.
BitSight released research yesterday analyzing exposed public company single sign-on (SSO) credentials. OneLogin defines SSO as “an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials.”
BitSight’s research on the topic began in January of this year and found steady growth in the availability of public companies’ SSO credentials on the dark web, with more than 1,500 becoming available in June and July alone. The number of companies with credentials on the dark web has also risen steadily. The industries most affected by compromised SSO credentials offered for sale include “Technology, Manufacturing, Retail, Finance, Energy, and Business Services.”
SSO credentials: hard to protect, easily stolen.
BitSight says that SSO credentials can be hard to protect and are easily stolen. BitSight Co-Founder and CTO Stephen Boyer says, “Credentials can be relatively trivial to steal from organizations, and many organizations are unaware of the critical threats that can arise specifically from stolen SSO credentials. These findings should raise awareness and motivate prompt action to become better acquainted with these threats.” The research also noted that organizations with stronger cybersecurity (as defined by BitSight) were less likely to have exposed SSO credentials.
To mitigate the risk of credential theft, BitSight recommends adaptive multi-factor authentication (MFA), which factors in “geolocation, day and time, and suspicious activity,” or universal two-factor authentication, which uses an origin-bound physical key. Other recommendations include limiting access to critical systems to only those who need it and managing the risk introduced by the third-party vendors the company uses.
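The adaptive MFA approach described above, as an added illustration that is not part of BitSight’s research or any vendor’s product: a small policy engine scores each login attempt on the signals the recommendation names (geolocation, time of day, suspicious activity) and decides whether to allow it, require a step-up factor, or deny it. The weights, thresholds, user profile and login events are constructed assumptions; hours are evaluated in UTC for simplicity.

```python
"""Adaptive MFA step-up policy evaluated over constructed login events."""
from dataclasses import dataclass
from datetime import datetime, timezone

ALLOW, STEP_UP, DENY = "allow", "step_up_mfa", "deny"


@dataclass
class LoginAttempt:
    user: str
    country: str                    # geolocation of the source IP
    when: datetime                  # timestamp of the attempt (UTC)
    failed_logins_last_hour: int = 0  # suspicious-activity signal
    ip_on_denylist: bool = False      # suspicious-activity signal


@dataclass
class UserProfile:
    usual_countries: set            # countries this user normally logs in from
    work_hours: tuple = (7, 20)     # normal hours, [start, end) in UTC


def score_attempt(attempt, profile):
    """Return (risk_score, reasons). Weights are illustrative assumptions."""
    score, reasons = 0, []
    if attempt.country not in profile.usual_countries:
        score += 40; reasons.append("unfamiliar geolocation")
    start, end = profile.work_hours
    if not (start <= attempt.when.hour < end):
        score += 20; reasons.append("outside usual hours")
    if attempt.failed_logins_last_hour >= 5:
        score += 30; reasons.append("recent failed logins")
    if attempt.ip_on_denylist:
        score += 100; reasons.append("source IP on denylist")
    return score, reasons


def decide(attempt, profile):
    """Map the risk score to a policy action; a denylist hit alone denies."""
    score, reasons = score_attempt(attempt, profile)
    if score >= 100:
        return DENY, reasons
    if score >= 30:
        return STEP_UP, reasons
    return ALLOW, reasons


# Constructed sample data: one user profile and four login attempts.
SAMPLE_PROFILE = UserProfile(usual_countries={"US"})
SAMPLE_ATTEMPTS = [
    LoginAttempt("alice", "US", datetime(2022, 8, 3, 10, 0, tzinfo=timezone.utc)),
    LoginAttempt("alice", "BR", datetime(2022, 8, 3, 3, 0, tzinfo=timezone.utc)),
    LoginAttempt("alice", "US", datetime(2022, 8, 3, 11, 0, tzinfo=timezone.utc),
                 failed_logins_last_hour=6),
    LoginAttempt("alice", "US", datetime(2022, 8, 3, 12, 0, tzinfo=timezone.utc),
                 ip_on_denylist=True),
]


def run_samples():
    """Evaluate every constructed attempt and return the (action, reasons) list."""
    return [decide(a, SAMPLE_PROFILE) for a in SAMPLE_ATTEMPTS]


if __name__ == "__main__":
    for attempt, (action, reasons) in zip(SAMPLE_ATTEMPTS, run_samples()):
        print(f"{attempt.user} from {attempt.country} at {attempt.when:%H:%M}: {action} {reasons}")
```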