“Login failed: username not recognised or incorrect password.” The number of different passwords and login data we all hold has increased significantly in recent years. Bring your own identity (BYOI or BYO-ID) is intended to give users the option of a Single Sign-on (SSO). BYOI is a method of digitally authenticating an individual, which involves the end user’s username and password being managed and, in some cases, provided by a third party. SSO has to do with the authentication process behind a session. The user stores a username and password to gain access to several applications. Both concepts allow the user to log in quickly and conveniently. But critics say there’s a risk of personal data being compromised or stolen. This raises the question: is user security being compromised at the expense of practicality? You can read about what BYOI and SSO are and their advantages and disadvantages here:
The vast number of passwords sets a major challenge for users: they have to hold on to a range of login data for every online service and every app account to identify and authenticate themselves. On average, a user has to remember over 100 passwords, many of which are complex to meet security requirements. Identifying yourself with an ID card is usually sufficient in the offline world – but in the digital world, we have countless user accounts for various online services for which we have to remember different passwords. In a worst-case scenario, an online account might get blocked and can only be released again by contacting customer service. This is often not just time-consuming but also aggravating.
The digital authentication method BYOI is set to clear up the jungle of passwords. This concept is often used for logging into websites. It means the end user doesn’t have to create a new password or even a username but can rely on a third party to manage their digital identity (identity management or IdM), allowing them to log in using an existing identity. All that’s required is for the target application to have integrated the BYOI service.
Examples include logging into an account using Facebook, Twitter or LinkedIn. When a social network offers this approach, it’s known as “social login”. Besides social media platforms – government institutions, Internet and network providers, or even banks sometimes provide the BYOI option for their customers. But these require strengthened identity verification before enabling this option to avoid data misuse. At a company level, BYOI is also called Identity-as-a-Service (IDaaS).
The key to BYOI: SSO
BYOI depends on a single-sign-on solution. This involves the user setting up a name and password to authenticate themselves for several applications. By doing so, they don’t need to enter any more information, and no further identification is required. Yet SSO isn’t just used in a private context – it’s also used for identification management in the corporate environment for web applications such as access to the corporate cloud. SSO is thus used to replace separate login processes and acts as a unified identity for the individual user. An essential difference between single-sign-on and Same User, Same Password (SUSP) lies in the fact that with SUSP, the user must log in separately for each application with different login data – while SSO automatically provides authentication for a whole host of apps.
Single-sign-on isn’t the same as Self-Sovereign Identity (SSI). Although the acronyms only differ by one letter, they stand for fundamentally different things: while SSO is a centrally managed identity – often with only weak data verification – SSI creates a digital identity without a major party being present. SSI is mainly used for digital wallets.
The advantages and disadvantages of BYOI and SSO
One of the main benefits of BYOI and SSO is the ease of authentication: many companies increasingly incorporate a range of clouds (multi-cloud) for their workloads. Thanks to SSO, users can easily log into the various cloud applications. This ensures an improved user experience, and the time-consuming administration of various user names and passwords is no longer necessary. For web-based services, BYOI and SSO benefit from users being able to register quickly without needing to remember new usernames and passwords.
But there are downsides: although advocates contend it’s unimportant where Identity Access Management (IAM) is held, critics fear this is too lax an approach to data security and protection. They also complain that companies become dependent on their identity service provider – which means there’s a single point of failure when using the various applications. If digital identity data is stolen or compromised, this can have huge knock-on effects in some cases, including financial impacts.
That said, an ever-expanding collection of passwords and usernames can pose security risks as users’ password hygiene can be insufficient. For instance, many users utilise the same login data for various accounts. If this data is compromised once, all their applications are at risk.
Another benefit of SSO is automated access data management: admins no longer need to take care of their employees’ individual accounts, which leaves IT teams free to concentrate on more essential duties. Furthermore, Multi-Factor Authentication (MFA) can make the one-off login into all applications even more secure. This ensures both key aspects: user-friendliness and (data) security.