all InfoSec news
Is Zero Trust and SSO a contradiction?
Jan. 28, 2024, 1:35 p.m. | /u/SaltedWeb717
cybersecurity www.reddit.com
Single-Sign-on implements a trust relationship between services for authentication.
Consequently both concepts are contradictions, yet there are famous Zero Trust implementations like Googles BeyondCorp that use SSO.
Assuming an adversary compromises account credentials (including possible 2FA), SSO services allow access to everything, so it contradicts Zero Trust.
Is SSO always a compromise in regards to Zero Trust?
2fa access account adversary authentication beyondcorp concepts credentials cybersecurity everything name relationship relationships services sign single sso trust zero trust
More from www.reddit.com / cybersecurity
Jobs in InfoSec / Cybersecurity
Social Engineer For Reverse Engineering Exploit Study
@ Independent study | Remote
Senior Software Engineer, Security
@ Niantic | Zürich, Switzerland
Consultant expert en sécurité des systèmes industriels (H/F)
@ Devoteam | Levallois-Perret, France
Cybersecurity Analyst
@ Bally's | Providence, Rhode Island, United States
Digital Trust Cyber Defense Executive
@ KPMG India | Gurgaon, Haryana, India
Program Manager - Cybersecurity Assessment Services
@ TestPros | Remote (and DMV), DC