Hitachi ID Password Manager Business Case
Users who must manage multiple passwords to corporate systems and
applications have usability, security and cost problems.
Users have too many passwords. Each password may expire on
a different schedule, be changed with a different user interface
and be subject to different rules about password composition and reuse.
Some systems are able to force users to select hard-to-guess passwords,
while others are not. Some systems require that users change their
passwords periodically, while others cannot enforce expiration.
Users have trouble choosing hard-to-guess passwords.
Users have trouble remembering passwords, because they have too many of
them or because they chose a new password at the end of the day or week,
and didn't have an opportunity to use it a few times before going home.
These problems drive users to choose trivial passwords, to avoid
changing their passwords and to write down their passwords. All of
these behaviors can compromise network security.
When users do comply with policy and regularly change their passwords
to new, hard-to-guess values, they tend to forget their
passwords and must call the help desk.
Password and login problems are the top incident type at most IT help
desks, frequently accounting for 25% or more of total call volume.
In addition to the above security and support cost problems, users
simply don't like memorizing and typing passwords. Password management
is a nuisance that contributes to a negative perception of IT service.
Despite all these problems, passwords will continue to be needed for
years to come:
- Passwords are significantly less expensive to deploy and support
than other technologies.
- Other authentication technologies, such as biometrics, smart cards
and hardware tokens, are typically used along with a password or PIN.
i.e., "something you have" (smart card, token) or "something you are"
(biometric) plus "something you know" (password, PIN).
- Passwords are an important backup to other authentication technologies:
- Hardware devices can be lost or stolen or simply left at home.
- Some devices from which users need to access corporate systems,
such as smart phones and home PCs, may not support more advanced
Since passwords are not going away and remain difficult for users
to manage, solutions are needed to help users more effectively
manage their passwords.
Hitachi ID Password Manager improves the security of authentication processes:
- A strong, uniform password policy prevents the use of easily
guessed passwords and ensures that all passwords are changed
- Password synchronization discourages written passwords ("sticky notes").
- Consistent, reliable authentication processes ensures that users
are reliably identified before accessing sensitive services, such as
a help desk password reset.
- IT support staff can be empowered to assist callers without having
administrator accounts on every system and application.
- Extensive audit logs create accountability for password resets.
- Encryption ensures that passwords are not stored or transmitted
Cost Savings and Improved Productivity
Password Manager realizes cost savings and enhanced productivity for both
users and the IT support organization:
- User productivity: Users experience fewer password problems.
This is a result of password synchronization, which helps users to
remember one or two passwords, rather than forgetting or writing
down many different passwords.
- Fewer IT support calls: Login problems are resolved by
users, without calls to the help desk.
Users can reset forgotten passwords, clear intruder lockouts,
recover hard disk encryption keys and reset PINs on their smart
cards and tokens -- all via self-service.
- Reduced cost per support incident: Calls that still
reach the help desk are resolved more quickly.
Remaining login-related support calls are resolved with a streamlined
Password Manager process, which includes support analyst authentication, caller
authentication, problem resolution and which automatically submits
a ticket to the help desk incident management system.
Improved User Service
Password Manager improves user service by simplifying system and application
login processes for users:
- Users only have to remember one or two passwords.
- All passwords are managed through a single, friendly interface.
- Password policy is the same everywhere and is clearly defined.
- Application login prompts can be automatically filled in using Hitachi ID Login Manager.
- In the event of a password or login problem, users can
quickly resolve their own problem, rather than calling the
help desk and waiting for service.
- Password expiration notices are delivered to all users, including
mobile users with cached credentials, who currently do not receive them.
- Self-Service, Anywhere:
With self-service, anywhere technology, users can resolve problems with their passwords, smart cards, tokens or full disk encryption software both at the office and mobile, from any endpoint device.
Password Manager features -- including password synchronization and reset, single sign-on, token and smart card PIN reset, encryption key recovery and more.
- Business Case:
Password Manager improves service for users, who experience fewer password and login problems. It reduces help desk call volume by eliminating password problems through synchronization and diverting password problem resolution to self-service. Password Manager strengthens security through use of better passwords, stronger authentication prior to password resets, clear audit trails and the ability to delegate support privileges without having to give help desk staff full administrative access to systems.
- Screen Shots:
Snapshots of the Password Manager web user interface.
- Screen Recordings:
Recordings of user interaction with Password Manager.
- Concept Animations:
Animated demonstrations illustrating user interaction with Password Manager and data flow between components on the network.
- Slide Decks:
A variety of slide presentations about password management in general and Password Manager in particular.