220 ◾ The Security Risk Assessment Handbook
© 2011 by Taylor & Francis Group, LLC
having to remember an identication and password pair for every system on
the network, a user of an SSO can simply remember a single identication
and authentication pair (typically more than just a password). Such a system
provides the benets of consolidating authentication within the enterprise
and encouraging better user habits because the user only has to remember
one password.
◾ Two-Factor Authentication—Two-factor authentication, also called strong
authentication, is the practice of requiring at least two forms of authentication
information from a user prior to conrming the user’s identity.
3
◾ Identity Management Systems—Identity management sys