Users who must manage multiple passwords to corporate systems and applications have usability, security and cost problems.
Users have too many passwords. Each password may expire on a different schedule, be changed with a different user interface and be subject to different rules about password composition and reuse.
Some systems are able to force users to select hard-to-guess passwords, while others are not. Some systems require that users change their passwords periodically, while others cannot enforce expiration.
Users have trouble choosing hard-to-guess passwords.
Users have trouble remembering passwords, because they have too many of them or because they chose a new password at the end of the day or week, and didn't have an opportunity to use it a few times before going home.
These problems drive users to choose trivial passwords, to avoid changing their passwords and to write down their passwords. All of these behaviors can compromise network security.
When users do comply with policy and regularly change their passwords to new, hard-to-guess values, they tend to forget their passwords and must call the help desk.
Password and login problems are the top incident type at most IT help desks, frequently accounting for 25% or more of total call volume.
In addition to the above security and support cost problems, users simply don't like memorizing and typing passwords. Password management is a nuisance that contributes to a negative perception of IT service.
Despite all these problems, passwords will continue to be needed for years to come:
Since passwords are not going away and remain difficult for users to manage, solutions are needed to help users more effectively manage their passwords.
Hitachi ID Password Manager improves the security of authentication processes:
Password Manager realizes cost savings and enhanced productivity for both users and the IT support organization:
This is a result of password synchronization, which helps users to remember one or two passwords, rather than forgetting or writing down many different passwords.
Users can reset forgotten passwords, clear intruder lockouts, recover hard disk encryption keys and reset PINs on their smart cards and tokens -- all via self-service.
Remaining login-related support calls are resolved with a streamlined Password Manager process, which includes support analyst authentication, caller authentication, problem resolution and which automatically submits a ticket to the help desk incident management system.
Password Manager improves user service by simplifying system and application login processes for users: