An Approach for Mitigating Potential Threats in Practical SSO Systems