For eons, passwords have been the gatekeepers to information and data located that is behind a ‘locked door’ or stored in a secret location. It is no different today, as passwords are a key to secrets, however, what is different today is the number of passwords that one needs to construct, recall and keep safe. This multiplicity has created a memory overload for the user, less secure passwords, and often, a strain on computer help-desk staff.

Password technologies that reduce the need for multiple passwords are evolving; their developers claim that the technologies lessen the security risk to a system due to a reduction in the number of passwords required to get through the day-to-day work of a 21st century citizen. Smart cards, biometric devices, and Single Sign-On (SSO) systems are the most promoted alternatives. Specifically, Single Sign-On password systems are of interest to the study presented here. Single Sign-On allows end users to access multiple services and systems with a single username and password, therefore reducing the cognitive load on the end user and thus supposedly, reducing end user frustration which is turn reduces password-related security risks.

This paper presents the results of a study conducted within two businesses that explored the influence SSO password systems have on system security.