Using single sign on authentication requires numerous processes to be run in the background. After the user enters their user name and password, each application has to process and run an authentication process. Once every application has authenticated the user, they will have access to each application, without having to re-enter their user name and password. Using this type of authentication comes with security risks, because it allows access to multiple resources, without a second form of authentication.
You Can Require a Second Form of Authentication with Single Sign on Authentication
There are ways in which you can use single sign on authentication, but still have added security with a second form of authentication. In this type of situation, single sign on still authenticates against every application at the initial log-in process. However, when the user clicks on an application, they are challenged for the second form of authentication, such as a digital certificate or USB token. The user has to select which digital certificate or token to use, in order to complete the authentication process and gain access.