Hitachi ID Password Manager Business Case
Users who must manage multiple passwords to corporate systems and applications have usability, security and cost problems.
Users have too many passwords. Each password may expire on a different schedule, be changed with a different user interface and be subject to different rules about password composition and reuse.
Some systems are able to force users to select hard-to-guess passwords, while others are not. Some systems require that users change their passwords periodically, while others cannot enforce expiration.
Users have trouble choosing hard-to-guess passwords.
Users have trouble remembering passwords, because they have too many of them or because they chose a new password at the end of the day or week, and didn't have an opportunity to use it a few times before going home.
These problems drive users to choose trivial passwords, to avoid changing their passwords and to write down their passwords. All of these behaviors can compromise network security.
When users do comply with policy and regularly change their passwords to new, hard-to-guess values, they tend to forget their passwords and must call the help desk.
Password and login problems are the top incident type at most IT help desks, frequently accounting for 25% or more of total call volume.
In addition to the above security and support cost problems, users simply don't like memorizing and typing passwords. Password management is a nuisance that contributes to a negative perception of IT service.
Despite all these problems, passwords will continue to be needed for years to come:
- Passwords are significantly less expensive to deploy and support than other technologies.
- Other authentication technologies, such as biometrics, smart cards and hardware tokens, are typically used along with a password or PIN. i.e., "something you have" (smart card, token) or "something you are" (biometric) plus "something you know" (password, PIN).
- Passwords are an important backup to other authentication technologies:
- Hardware devices can be lost or stolen or simply left at home.
- Some devices from which users need to access corporate systems, such as smart phones and home PCs, may not support more advanced authentication methods.
Since passwords are not going away and remain difficult for users to manage, solutions are needed to help users more effectively manage their passwords.
Hitachi ID Password Manager improves the security of authentication processes:
- A strong, uniform password policy prevents the use of easily guessed passwords and ensures that all passwords are changed regularly.
- Password synchronization discourages written passwords ("sticky notes").
- Consistent, reliable authentication processes ensures that users are reliably identified before accessing sensitive services, such as a help desk password reset.
- IT support staff can be empowered to assist callers without having administrator accounts on every system and application.
- Extensive audit logs create accountability for password resets.
- Encryption ensures that passwords are not stored or transmitted in plaintext.
Cost Savings and Improved Productivity
Password Manager realizes cost savings and enhanced productivity for both users and the IT support organization:
- User productivity: Users experience fewer password problems.
This is a result of password synchronization, which helps users to remember one or two passwords, rather than forgetting or writing down many different passwords.
- Fewer IT support calls: Login problems are resolved by
users, without calls to the help desk.
Users can reset forgotten passwords, clear intruder lockouts, recover hard disk encryption keys and reset PINs on their smart cards and tokens -- all via self-service.
- Reduced cost per support incident: Calls that still
reach the help desk are resolved more quickly.
Remaining login-related support calls are resolved with a streamlined Password Manager process, which includes support analyst authentication, caller authentication, problem resolution and which automatically submits a ticket to the help desk incident management system.
Improved User Service
Password Manager improves user service by simplifying system and application login processes for users:
- Users only have to remember one or two passwords.
- All passwords are managed through a single, friendly interface.
- Password policy is the same everywhere and is clearly defined.
- Application login prompts can be automatically filled in using Hitachi ID Login Manager.
- In the event of a password or login problem, users can
quickly resolve their own problem, rather than calling the
help desk and waiting for service.
- Password expiration notices are delivered to all users, including mobile users with cached credentials, who currently do not receive them.