Hitachi ID Password Manager Business Case
Passwords present a number of problems for organizations:
- Users have too many passwords and have a hard time remembering
- Password management is exacerbated when different passwords
expire on different schedules, are changed via different user
interfaces and are subject to different policies.
Users respond to these problems by
- Choosing trivial (and insecure) passwords.
- Avoiding password changes.
- Writing down their passwords, effectively reducing logical
security to be equal to physical security.
Users often forget their passwords or mistype them, creating
high IT support call volumes at the help desk -- this is
both inconvenient for users and costly for the organization.
The impacts of poor password management are:
- User frustration.
- High IT support cost.
- Weak authentication.
Hitachi ID Password Manager improves the security of authentication processes:
- Strong, uniform password policy:
A strong, uniform set of password composition rules and an
open-ended password history prevent the use of easily
guessed passwords and ensure that all passwords are changed
- Fewer passwords (to write down):
Password synchronization reduces the burden on users, who
can finally comply with rules against writing down their passwords.
- Authenticate users before resetting passwords:
Consistent, reliable authentication processes ensure that users
are reliably identified before accessing either self-service or
assisted password resets.
- Two-factor authentication:
User of multiple credentials can be mandated ahead of every
user interaction, blocking attacks on user accounts by convincing
the help desk to reset a victim's password.
- Secure SaaS logins:
Federated access allows two-factor authentication to be extended
to SaaS applications, not just Password Manager logins.
- No more privileged support accounts:
IT support staff can be empowered to reset passwords and clear
lockouts through the Password Manager portal, without direct
administrative rights on every system and application.
Cost Savings and Improved Productivity
Password Manager reduces the IT support cost associated with passwords:
- Lower problem frequency: Users have fewer passwords to remember,
due to password synchronization. They are invited to change
passwords in the morning, at the start of the week, after which
the new password will be used often, so not forgotten. As a
result, users tend to remember their passwords and have fewer problems.
- Lower call volume: Not only do users have fewer login
problems, but they can resolve those problems on their own.
Self-service password reset and unlock are available at the PC
login screen, on a browser, with a smart phone app or a phone
call, on-site or away. Users who resolve their own problems
don't call the help desk.
- Lower peak volumes: Most password reset calls happen
during a few short hours, at the beginning of the first work day of
the week and especially after holidays. By driving down problem
frequency and call volume generally, these peaks are attenuated.
As a result, fewer total help desk staff are needed.
- Reduced cost per incident: Even when users do call for
support, a single and efficient web portal enables support staff
to authenticate them, reset passwords, clear lockouts and
generate tickets quickly and easily, shortening call duration
and incident cost.
Improved User Service
Password Manager improves user service by simplifying password management:
- Fewer passwords:
Users only have to remember one or two passwords -- these are
synchronized across the user's accounts on various systems.
- Help off-site users:
When a user is away from the office and forgets
his PC login password, he must bring or ship his PC back to the
office, so that any password reset can be applied to the local
credential cache. Password Manager eliminates this business interruption
by enabling self-service password reset, from the PC login prompt,
even for users who are not at work.
- Simpler UI:
All passwords are managed through a single, friendly web portal.
- Clear, consistent policy:
Password composition rules are clearly explained and applied to
all systems and applications.
- Resolve login problems:
In the event of a password or login problem, users can
quickly resolve their own problem using self-service, rather than
calling the help desk and waiting for service.
- Advance warning of password expiry:
Password expiration notices are delivered to all users, including
off-site users who would otherwise get no warning before their
account is locked out.
- Personal vault:
Users can store unmanaged credentials in a secure, personal
password vault, accessible using their PCs or phones.