Are you inputting your password into a cloud hosted SaaS portal/app?
This is a big no-no, a huge security and compliance risk. If your organization is allowing users (staff, students, customers, external users) to access cloud hosted SaaS apps/portals by inputting their passwords on such portals, then you may be taking on substantial security risk.
In most cases, you have no idea where and how these passwords are stored by the SaaS vendor, or who (at SaaS vendor’s organization) has access to such passwords. SaaS vendors employees, consultants, contractors, and agents may have (un)authorized access to your passwords. In addition, most SaaS vendors are not experts in the area of authentication and identity management, in which case, such passwords are subject to leakage. They may not have proper systems and processes in place to manage user identities, credentials and data.
Here is a major news headline from Symplicity, a major SaaS vendor, that highlights some of the risks.
One way to avoid such disasters is to login to SaaS services only via federated identity and authentication. This would require your organization to adopt technologies such as Elastic SSO Enterprise and/or Elastic SSO Team, which would prevent you (and your users) from inputting passwords on 3rd party SaaS vendor portals, and still provide secure access. Here is a sample list of SaaS vendors who already support the federated authentication model of secure access.
