20 Oct
2016
20 Oct
'16
10:05 p.m.
On Thu, 20 Oct 2016 17:01:06 -0700 Rick Stevens ricks@alldigital.com wrote:
Not to my mind. SSO (single sign on) is, IMHO, a really bad thing. Yes, it's easier to administer because the authentication is being handled by someone else and you "don't have to be bothered". However, now your security is now ENTIRELY dependent on the security of that provider. If they're breached, YOU'RE breached. Relying on someone else to provide your security is, again IMHO, a truly idiotic thing to do.
Thanks, this was my reasoning as well. But Matthew has a point too, that for low value accounts the trade off might be worth it.