How does SecureLogin protect a user's credentials?

  • 7940669
  • 19-Aug-2009
  • 29-Apr-2013

Environment

SecureLogin
SecureLogin SSO
6
All


Situation

Question

How does SecureLogin protect a user’s credentials?

Resolution

Answer

Although other solutions may use Triple DES and/or AES encryption, many only encrypt passwords. SecureLogin encrypts ALL Single Sign-on data, including password policies, applications that are enabled, and all credentials, including usernames, database names and IP addresses.

SecureLogin handles much more than just logons or passwords. It handles all credentials, and it protects and encrypts all SSO data: in the Directory, in the local cache, during transmission, and in memory.

SecureLogin also protects the user from an administrative attack. For example, by default, if an administrator resets a user’s network (e.g. ADS) password, the next time that user logs on, they will be prompted to answer a user-specific SecureLogin question. This helps protect the user from a rogue administrator simply resetting their network password and logging on as them to access their SSO-enabled applications.

SecureLogin also includes support for stronger security mechanisms such as PKI. If you have enabled smart cards (or wish to do so in future) for logon to the LAN, a user’s Single Sign-on credentials can be protected via PKI. Only a user with the smart card (and therefore their Private Key) would have access to their SSO credentials.

Contact ActivIdentity Professional Services for best practice recommendations based on your environment and requirements.