1.9 KiB
| title | date |
|---|---|
| Family Single Sign On Was a Bad Idea | 2024-11-23T21:41:39+02:00 |
When my eldest son became of an email-qualified age, I set him up a Bitwarden instance, so he can keep his password there. He loved it, because, it turns out, a 7-year-old finds a personal digital space important or exciting or both.
My password manager instance is not open to the public internet, necessitating use of VPN software, which needed a method to authenticate (a.k.a. login method).
As someone inundated into "best practice" security policies of a 10k+-engineer corporation for quite a while, I built my home authentication system using the only method I really respected: single-sign-on. I thought that having a single password for all of our services will be convenient and quite easy. So I set up SSO for a few services that my family uses, including the VPN software.
After thinking about it for ~2 years I realized that single-sign-on allows companies quickly onboard new employees, as well as quickly revoke access from leaving individuals. Expanding family is limited by obvious constraints, and people generally leave families very rarely, making the main SSO selling point quite moot.
To sum up, having a "single password" was unnecessary, since everyone use a password manager anyway. In a small-family setting, where nobody generally leaves "the company" and my time to maintain the SSO sand-castle is limited, it is an unnecessary overkill. I am quite surprised it took so long to understand that. Maybe my tolerance for self-induced bullshit is too high? Something to consider.
So my next project is to de-tangle the SSO mess that I put myself in and create separate users and app-passwords for each thing we use. The prospect of executing this "migration" is not fun, but the end result will be better, because things will get simpler for everyone.