Single-Sign-On: an argument against

 

I don’t think that this will be a very popular viewpoint but it’s been on my mind for a while so I’m using this post as a way of getting it out of my head. It’s enough of a mess in there and I’m having a clear out.

sso

I’ve been looking a┬álot lately at single sign on (SSO) and the different reasons for and against it’s use. The ‘for’ arguments are pretty obvious. I log in to one thing and then I’m automatically signed in to everything else. Bonus…no more people asking me for usernames & passwords for everything they use. No more remembering lots of complicated passwords that I have set to keep everything secure. Breaking down barriers for users not so confident moving between all of their online resources. All sounds good and I don’t

disagree. Getting staff and students to their own set of books on MLS, logging in to their I Am Learning platform quickly and easily, getting everyone to their email and calendar at a single click… The list goes on and it’s uses are well documented and the holy grail for anyone who wants to use multiple suppliers from one place.

So what’s my problem? Why am I writing an argument against SSO if I thinks it’s so useful? Well here goes…

My only computer is my laptop. On that laptop I access everything from my bank, my email, my calendar, my PayPal account etc. etc. you get the idea. My laptop has a password to stop any strange and unwanted people from getting to any of the content on there. I also have a phone and a tablet which are both logged into twitter, email, this blog… Again the list goes on. Both have passcodes. Why am I telling you this? Well @_Rich_Barnett_ (not one of the afore mentioned ‘strange & unwanted but I’ll use him as an example) knows the password to my laptop and I’m sure, without much effort, could guess my passcode for my phone too. CodeScambler-Hero-1024x576If we think of this like single sign on, Rich could easily access my laptop, read my emails, get into my bank, PayPal, Amazon or eBay accounts to spend a fortune on my credit card (if it wasn’t already maxed out) or anything else he wanted. If he got hold of my phone who knows what would be on twitter, Pinterest or, God forbid, my parents inbox. My point is that we are moving toward one password meaning access to everything. It’s quick and easy but it also allows those naughty people out there easy access to everything you have online by working out just one password too. Is this the lesson we should be teaching our students? Should we be encouraging them to set up complicated passwords to keep secure and then authenticating those accounts with everything else to make life easier? Should we not be encouraging students to be as secure online as possible by logging into the things that could cause issues individually?

So let’s put this into the context of a school. I’m a student who ‘happened’ to look over the shoulder of another student while they were logging in to their learning platform. When I get to my computer I log in as them and decide to have some fun. I start off innocent with a couple of forum or wall posts that make them sound less than intelligent.

hacker-stealing-dataI then go to their files, rename a few, delete some and cause general mischief. Why not take it a step further? Let’s go to their email and read some messages, delete a few to annoy them and then I start emailing ridiculous messages to friends and teachers which will have ‘hilarious consequences’. Might as well get into their SkyDrive (soon to become OneDrive I think) and mess up a few files. Delete their latest version of their project and add some lines into some files to add a bit more mischief. While I’m here let’s go on to I Am Learning and get lots of really simple questions wrong to lower my levels and buy a whole load of rubbish for my avatar. 20 minutes on my computer and I’ve suddenly made a complete mess of the students work, messed up IAL assessment data and possibly offended a lot of people with my messages and emails. Thanks single sign on. That was fun!

easywayhardway

 

I’m not against SSO as this post might lead you to believe. My intention is to put it out there as something to consider. Do we really think about the implications of some of the things we do? With technology there is a huge temptation to do what makes life easier.I just wonder whether making life easier is having an adverse affect and if by doing these short cuts we are sending out the wrong message to our students.

(3696)

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *