On the other hand, single sign-on comes with a certain implementation effort and with some inherent weaknesses. Only services that the respective SSO system supports can be used through it, and if the SSO system fails, access to all associated applications is limited or impossible. The same applies when the identity provider itself is unreachable: if social media accounts are used as the SSO identity, for example, and the social network is blocked on the local network, as it is in many libraries and educational institutions, at certain workplaces for productivity reasons, or in countries with active censorship (e.g. the People's Republic of China), the user is locked out of every service that depends on that login.
The actual security of single sign-on should also be considered. If a user leaves their workstation unattended, a third party can use the authenticated session until the automatic “single sign-out” (the idle timeout) takes effect, and because every connected service trusts that session, they inherit all of the user's access at once; short idle timeouts and mandatory screen locks shrink this window but do not remove it. It is equally problematic if the “master password” for the SSO login falls into the wrong hands: the attacker gains immediate access to all associated services, so a single phished or reused credential has the blast radius of every account behind it.
There are also data protection concerns: since 25 May 2018, the GDPR has tightened the requirements for protecting personal data throughout Europe. Users must now give explicit consent before their data can be used for single sign-on. Consent was required before as well, but the legal framework has changed so much that the requirements are now much stricter.
In view of these risks, special attention must be paid to securing the data stored on the server side, and it makes sense to harden the SSO login itself with two-factor authentication, for example smart cards or hardware tokens that generate one-time codes (TANs), so that a stolen master password alone is not enough to sign in.
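The following is an added example, not code from the original article or from any particular SSO product, illustrating the two mitigations just discussed: an identity-provider-side session policy with an idle timeout and an absolute lifetime (closing the window an unattended workstation leaves open), and a second factor in the form of RFC 4226/6238 one-time codes verified with skew tolerance and replay protection, so a master password alone cannot mint a session. The timeout values, the `sign_in` flow and the session record are assumptions chosen for the demonstration; the HOTP/TOTP algorithm and the test secret are the ones from the RFCs.

```python
"""Added example (not from the original article): SSO session timeouts plus a
TOTP second factor. Timeout values and the sign_in flow are assumptions."""
import hashlib
import hmac
import struct
from dataclasses import dataclass

IDLE_TIMEOUT = 15 * 60        # assumed: seconds of inactivity before automatic sign-out
ABSOLUTE_LIFETIME = 8 * 3600  # assumed: hard cap on session age regardless of activity


@dataclass
class SsoSession:
    user: str
    created_at: float   # epoch seconds when the user authenticated
    last_seen: float    # epoch seconds of the last request on this session
    mfa_verified: bool = False


def session_is_valid(session: SsoSession, now: float) -> bool:
    """Expired sessions close the window an unattended workstation leaves open."""
    if now - session.created_at > ABSOLUTE_LIFETIME:
        return False
    return now - session.last_seen <= IDLE_TIMEOUT


def refresh(session: SsoSession, now: float) -> bool:
    """Called on every request: extends the idle timer only while the session is valid."""
    if not session_is_valid(session, now):
        return False
    session.last_seen = now
    return True


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HMAC-based one-time password (HMAC-SHA1 with dynamic truncation)."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, timestamp: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time password: HOTP over the current time step."""
    return hotp(secret, int(timestamp // step), digits)


class TotpVerifier:
    """Server-side check of a token-generated code.

    Accepts one time step of clock skew either way and never accepts the same
    (or an older) step twice, so a code that was shoulder-surfed or phished
    cannot be replayed within its validity window.
    """

    def __init__(self, secret: bytes, step: int = 30, digits: int = 6):
        self.secret = secret
        self.step = step
        self.digits = digits
        self.last_counter = -1  # highest time step already consumed

    def verify(self, code: str, now: float) -> bool:
        current = int(now // self.step)
        for counter in (current - 1, current, current + 1):
            if counter <= self.last_counter:
                continue  # replay of a used step, or an older one
            expected = hotp(self.secret, counter, self.digits)
            if hmac.compare_digest(expected, code):  # constant-time comparison
                self.last_counter = counter
                return True
        return False


def sign_in(user: str, password_ok: bool, code: str, verifier: TotpVerifier, now: float):
    """Assumed IdP flow: the master password alone is not enough, both factors must pass."""
    if not password_ok or not verifier.verify(code, now):
        return None
    return SsoSession(user=user, created_at=now, last_seen=now, mfa_verified=True)


if __name__ == "__main__":
    seed = b"12345678901234567890"  # RFC 6238 Appendix B test secret, used as a demo key
    verifier = TotpVerifier(seed)
    print(totp(seed, 59, digits=8))  # RFC 6238 vector: 94287082
    session = sign_in("alice", True, totp(seed, 59), verifier, now=59)
    print("signed in:", session is not None)
    print("replay accepted:", verifier.verify(totp(seed, 59), 60))  # False
    print("valid after 20 min idle:", session_is_valid(session, 59 + 20 * 60))  # False
```

In a real identity provider the session record and `last_counter` live in a shared store rather than in process memory, the secret is provisioned to the user's token once and never logged, and the idle timeout is what actually triggers the “single sign-out” across connected services.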