The text highlights that organizations leveraging Single Sign-On (SSO) for authentication are at risk of identity-based attacks due to vulnerabilities in their identity management practices, such as lack of Multifactor Authentication (MFA) and misuse of passwords. Push Security's analysis reveals that many accounts are prone to phishing attacks, with a high percentage relying solely on SSO or passwords without MFA. The research also uncovers the prevalence of 'phishable MFA' methods, leaving accounts exposed to advanced phishing tactics
Additionally, accounts having both SSO and passwords are at risk of compromise through credential stuffing or brute-force attacks, emphasizing the importance of securing all identity access points. The findings stress the critical need for organizations to strengthen their identity management strategies by implementing robust MFA measures and addressing gaps in security practices to mitigate the growing threat of identity-based attacks. https://www.darkreading.com/identity-access-management-security/even-orgs-with-sso-are-vulnerable-to-identity-based-attacks