What is a potential security risk when organizations synchronize passwords or provide single sign-on across systems?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions, each question has hints and explanations. Get ready for your exam!

Multiple Choice

What is a potential security risk when organizations synchronize passwords or provide single sign-on across systems?

Explanation:
Centralizing authentication by synchronizing passwords or using single sign-on means one credential unlocks access to many systems. When that credential is exposed—through a breach, phishing, or malware—the attacker can replay it against every connected service, so the impact of a single compromise spreads across the environment. This reuse creates a larger attack surface and a single point of failure: compromising the identity provider, or the one shared credential, grants access to multiple resources at once. The other options do not reflect this widened risk: SSO can change security posture, but it is not automatically an improvement; password length is not the primary issue here; and there is a real effect on risk.

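The blast-radius effect described above, shown as an added example (not part of the original study material): three systems each keep their own salted credential store, and a single captured username/password is tried against all of them. The system names, the account name "alice" and the passwords are constructed sample data; in a real assessment the stores would be Active Directory, a VPN appliance, a SaaS application and so on.

```python
import hashlib
import hmac
import os
from typing import Dict, List

# Constructed sample data for the demonstration; nothing here is a real account.
ITERATIONS = 10_000  # low on purpose so the example runs quickly


def _hash_pw(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 of a password, as a typical credential store would keep it."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_store(users: Dict[str, str]) -> Dict[str, Dict[str, bytes]]:
    """Build one system's credential store with a fresh random salt per account."""
    store: Dict[str, Dict[str, bytes]] = {}
    for user, password in users.items():
        salt = os.urandom(16)
        store[user] = {"salt": salt, "hash": _hash_pw(password, salt)}
    return store


def authenticate(store: Dict[str, Dict[str, bytes]], user: str, password: str) -> bool:
    """Verify a login attempt against one system's store (constant-time compare)."""
    entry = store.get(user)
    if entry is None:
        return False
    return hmac.compare_digest(_hash_pw(password, entry["salt"]), entry["hash"])


def blast_radius(systems: Dict[str, Dict[str, Dict[str, bytes]]], user: str, password: str) -> List[str]:
    """Return every system that a single captured credential logs into.

    This is the check an attacker (or a pentester) performs after one credential
    leaks: replay it everywhere and see what else opens.
    """
    return [name for name, store in systems.items() if authenticate(store, user, password)]


def build_synced_env() -> Dict[str, Dict[str, Dict[str, bytes]]]:
    """Password synchronisation: the same secret is pushed to every system."""
    shared = "Spring2024!"  # constructed sample password
    return {name: make_store({"alice": shared}) for name in ("ad", "vpn", "crm")}


def build_isolated_env() -> Dict[str, Dict[str, Dict[str, bytes]]]:
    """No synchronisation: each system holds a distinct secret for the same user."""
    return {
        "ad": make_store({"alice": "Spring2024!"}),
        "vpn": make_store({"alice": "vpn-only-9f3k"}),
        "crm": make_store({"alice": "crm-only-x7q2"}),
    }


if __name__ == "__main__":
    # Scenario: the attacker phished alice's AD password, "Spring2024!".
    leaked_user, leaked_pw = "alice", "Spring2024!"
    for label, env in (("synced", build_synced_env()), ("isolated", build_isolated_env())):
        reachable = blast_radius(env, leaked_user, leaked_pw)
        print(f"{label:8s}: one leaked credential opens {len(reachable)}/{len(env)} systems -> {reachable}")
```

With synchronized passwords the leaked credential opens all three systems; with per-system secrets it opens only the one it was stolen from. The same `blast_radius` check is useful defensively: run it with a known-compromised credential from a breach feed to find every system that still accepts it.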
