Now, this is interesting. In talking about the benefits of single sign-on, we often make the assertion that security is reduced as users have to remember more passwords. In the past, this statement was largely based on anecdotal evidence, but now we can point to the DTI Information Security Breaches Survey 2006, conducted by PricewaterhouseCoopers for the U.K. Department of Trade and Industry (as reported by Reuters via CNet News). The full report is interesting reading; there is also an executive summary and a set of factsheets, one of which focuses on Identity and Access Management.
To quote the survey:
The more IDs and passwords users have to remember, the more likely the business is to have had unauthorised access.
So – the corollary is, as we reduce the number of IDs and passwords users have to remember, the less likely the business is to have had unauthorized access. Hence the security benefit of single sign-on (SSO).