Single Sign-on: The Security Leader's Not-so-secret Weapon