Hitachi ID Password Manager Business Case

Hitachi ID Password Manager improves service for users, who experience fewer password and login problems. It reduces help desk call volume by eliminating password problems through synchronization and diverting password problem resolution to self-service. Hitachi ID Password Manager strengthens security through use of better passwords, stronger authentication prior to password resets, clear audit trails and the ability to delegate support privileges without having to give help desk staff full administrative access to systems.

The Challenge

Passwords present a number of problems for organizations:

  1. Users have too many passwords and have a hard time remembering them all.
  2. Password management is exacerbated when different passwords expire on different schedules, are changed via different user interfaces and are subject to different policies.

Users respond to these problems by

  1. Choosing trivial (and insecure) passwords.
  2. Avoiding password changes.
  3. Writing down their passwords, effectively reducing logical security to be equal to physical security.

Users often forget their passwords or mistype them, creating high IT support call volumes at the help desk -- this is both inconvenient for users and costly for the organization.

The impacts of poor password management are:

  1. User frustration.
  2. High IT support cost.
  3. Weak authentication.

Stronger Security

Hitachi ID Password Manager improves the security of authentication processes:

  • Strong, uniform password policy: A strong, uniform set of password composition rules and an open-ended password history prevent the use of easily guessed passwords and ensure that all passwords are changed regularly.

  • Fewer passwords (to write down): Password synchronization reduces the burden on users, who can finally comply with rules against writing down their passwords.

  • Authenticate users before resetting passwords: Consistent, reliable authentication processes ensure that users are reliably identified before accessing either self-service or assisted password resets.

  • Two-factor authentication: User of multiple credentials can be mandated ahead of every user interaction, blocking attacks on user accounts by convincing the help desk to reset a victim's password.

  • Secure SaaS logins: Federated access allows two-factor authentication to be extended to SaaS applications, not just Password Manager logins.

  • No more privileged support accounts: IT support staff can be empowered to reset passwords and clear lockouts through the Password Manager portal, without direct administrative rights on every system and application.

Cost Savings and Improved Productivity

Password Manager reduces the IT support cost associated with passwords:

  • Lower problem frequency: Users have fewer passwords to remember, due to password synchronization. They are invited to change passwords in the morning, at the start of the week, after which the new password will be used often, so not forgotten. As a result, users tend to remember their passwords and have fewer problems.

  • Lower call volume: Not only do users have fewer login problems, but they can resolve those problems on their own. Self-service password reset and unlock are available at the PC login screen, on a browser, with a smart phone app or a phone call, on-site or away. Users who resolve their own problems don't call the help desk.

  • Lower peak volumes: Most password reset calls happen during a few short hours, at the beginning of the first work day of the week and especially after holidays. By driving down problem frequency and call volume generally, these peaks are attenuated. As a result, fewer total help desk staff are needed.

  • Reduced cost per incident: Even when users do call for support, a single and efficient web portal enables support staff to authenticate them, reset passwords, clear lockouts and generate tickets quickly and easily, shortening call duration and incident cost.

Improved User Service

Password Manager improves user service by simplifying password management:

  • Fewer passwords: Users only have to remember one or two passwords -- these are synchronized across the user's accounts on various systems.

  • Help off-site users: When a user is away from the office and forgets his PC login password, he must bring or ship his PC back to the office, so that any password reset can be applied to the local credential cache. Password Manager eliminates this business interruption by enabling self-service password reset, from the PC login prompt, even for users who are not at work.

  • Simpler UI: All passwords are managed through a single, friendly web portal.

  • Clear, consistent policy: Password composition rules are clearly explained and applied to all systems and applications.

  • Resolve login problems: In the event of a password or login problem, users can quickly resolve their own problem using self-service, rather than calling the help desk and waiting for service.

  • Advance warning of password expiry: Password expiration notices are delivered to all users, including off-site users who would otherwise get no warning before their account is locked out.

  • Personal vault: Users can store unmanaged credentials in a secure, personal password vault, accessible using their PCs or phones.