The Password Problem

Author: [email protected]

Most companies are all too painfully aware of all the typical challenges relating to passwords within a heterogeneous IT organization:

Proliferation:

Most companies use a wide variety of IT systems, and although some of these systems use common password stores, many rely on their own passwords. This results in a proliferation of user passwords across the organization.

Complexity:

As part of good security practice, companies implement password complexity policies. Complex passwords, intended to keep user passwords secure, also create an unwanted side effect by making passwords difficult to remember, especially when more than one password is needed to access different systems.

History/Age:

On average, end-users are forced to change passwords every 30 to 90 days. Additionally, many systems enforce strict rules so that, for example, a password may not be reused.

Although these challenges are widely accepted as a real issue, they are all mostly focused on the experience of the end user in relation to passwords. When considering how to effectively manage passwords within an organization, additional efficiency, security, and risk factors need to be taken into account. These include:

  • Helpdesk Service Levels: The overhead on the company Helpdesk in relation to managing passwords across various platforms and systems. This is often exacerbated by siloed application support teams that have to move support requests around between Helpdesk Agents to reset passwords across multiple systems.
  • Outsourced Helpdesks: The security concern of having a Helpdesk Agent with access to reset senior management passwords. This risk is increased with the outsourcing of the Helpdesk to other vendors.
  • Compliance and Auditing: The need to maintain audit logging across all password management activities for a user across all reset end-points (irrespective of user or service desk activity).
  • Governance and Ownership: The security governance requirement that a user is the sole owner of his/her password, even when the Helpdesk is involved in assisting the user to reset the password.

All the points listed above, along with many others, create a real need in companies for a holistic solution that will solve user and Helpdesk password reset challenges, all while increasing the governance and compliance associated with password reset management.