Dean Wiech joined Tools4ever in April 2006 and is responsible for Tools4ever, Inc. operations in the United States. His duties include direct sales as well as responsibility for the sales, technology and consulting team, along with the day-to-day operations of the company.
Dean has been involved with sales and sales management in the software arena for over 20 years. Before joining Tools4ever he was Vice President of Sales for a Manhattan-based software company specializing in cost allocation and spend optimization. He attended the University of Akron and studied Chemical Engineering before deciding to pursue a career in technology.
Password Management: History, Costs, Problems and Pain Points, and Solutions
Published: April 3, 2015 • Service Technology Magazine Issue LXXXIX
Everyone in the business world uses passwords. Whether you are a bank teller logging into several applications to assist customers, a fast food service worker logging into the register, or a nurse or doctor accessing patient information, chances are you do so with a user name and password. Organizations and businesses of all sizes use credentials for their employees to "ensure" security of the information in their systems. This means that from time to time, or with some regularity, they run into problems with these passwords. Whether a password needs to be reset, employees spend a great deal of time entering passwords for multiple applications, or they cannot remember them, passwords are crucial to keeping your network secure, but they frequently cause numerous issues.
History of Password Problems
As passwords have evolved over time, so have the problems that we have with them. The first passwords were created in the 1960s for MIT's Compatible Time-Sharing System. Passwords were first used because several users needed to access the system as distinct entities. Each user created a password, which was then stored on the computer system, since hacking did not exist at the time. Program leaders soon learned this method of storage did not work when one user who wanted more time on the computer simply printed out the passwords from the computer and logged in as a different user. This is when program leaders realized that they needed more secure methods for password usage and storage. [REF-1]
The next evolution was ensuring that passwords were encrypted in the computer system so that no one could easily go in to steal all of the users' credentials. This became important because as technology evolved, the password began protecting more secure information, such as the company's financial and customer data. Organizations needed to ensure that the passwords on their network were securely encrypted, and could not easily be hacked or pilfered.
The next progression of passwords came because more work started to be done on the computer and users needed to create passwords for each of the systems and applications they used for work. More organizations began to rely on computers for all of their business needs and users needed to enter credentials for each system they needed to access. To easily remember all of these passwords, users began to either use very simple passwords or the same password for each system. Again this became an issue, since hackers could easily figure out the password and gain access to the system.
Fast forward to the present and organizations are still having issues with this scenario. To mitigate this problem, organizations often require employees to use complex passwords, each unique to the different systems they are using. To say the least, this has evolved into a difficult mental exercise. According to a recent Tools4ever survey, end users access up to an average of 12 different systems and applications to perform their jobs. Humans can probably only remember about six complex passwords at the most, though. So what are they doing to remember all of their credentials?
Users tend to either write them down or keep them by their computer for reference when they are logging in, or they frequently forget their passwords and need to reset them. This defeats the purpose of using complex passwords for security, leads to frustration and may hinder customer service.
These issues can also have a huge effect on your employees' productivity. Think about how long it takes to resolve an issue when an employee is locked out of his account and needs to get his password reset. He needs to contact the helpdesk, start a ticket, have the helpdesk team reset his password, log in and then get back to the work he needs to accomplish. All of this is time that is taken away from the project he is working on, or the customer he is supposed to be helping. Password management can even require a full-time position at a large organization, since one of the top calls to the helpdesk is for password resets.
Another modern day issue with passwords is all the steps or "clicks" and authentication processes some employees need to take just to access their applications. When time is critical, such as in hospitals, or when customer service is a priority, such as in banks, every minute counts and passwords can become a deterrent.
These issues become a real problem when they start to affect customer service or the productivity of your employees, or when they start to impair the security of your network. So as the password and authentication process has evolved and become increasingly complex, how can organizations easily resolve the issues that have come about?
Resolving Security Issues
As mentioned, one of the most common issues with passwords is ensuring that they are actually keeping your organization's network secure. Employees with many sets of credentials often write them down to remember them, keep them in a spreadsheet on their computer or use other electronic storage, thus drastically reducing the security of the network.
So, what if your organization uses complex passwords but does not want them to interfere with security? A simple solution many organizations have used is single sign-on. This is not a new development in the world of IAM, but is one of the simplest solutions to one of the most common password issues. Users simply enter a single set of credentials and are automatically authenticated each time an application is launched. If employees are only required to remember one set of highly complex credentials they are drastically less likely to use insecure methods to remember them, and the organization can ensure security of their network.
Another security issue often occurs when an employee goes on leave or vacation, or is out of the office for an extended period of time: they often give their credentials to another employee to perform parts of their job while they are out. The issue is they might be giving their credentials to someone in the company who is not supposed to have access to specific secure data. Once the employee returns from leave, their coworker still has access to the systems and applications that they should not be able to access.
To mitigate this issue, many SSO solutions allow employees to delegate access to certain applications to other employees in the organization without needing to give them their credentials. As an example, say a manager will be out for a week, but one of their sales associates will need access to a certain application while the manager is away. The manager can easily delegate access for a certain period of time to that sales associate so they can log in without needing the actual credentials. Then after that specified time period ends, access is automatically disabled so that the sales associate no longer has access to the application, without the manager needing to remember to physically disable the access or change the password. This ensures that access can easily be delegated without giving out credentials to an application that has highly secure data.
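The delegation model described above, sketched as an added example (not code from the article or from any SSO product). The `DelegationStore` class, the 30-day ceiling and the account and application names are all assumptions made for illustration; the point is that the grant is scoped to one application and its expiry is evaluated at every access, so nobody has to remember to revoke it.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Delegation:
    owner: str            # account whose access is being lent
    delegate: str         # account allowed to act in the owner's place
    app: str              # the single application the grant covers
    not_before: datetime
    not_after: datetime

class DelegationStore:
    """Hypothetical SSO-side record of delegation grants."""
    MAX_DURATION = timedelta(days=30)   # assumed policy ceiling

    def __init__(self):
        self._grants = []

    def grant(self, owner, delegate, app, start, duration):
        if owner == delegate:
            raise ValueError("owner cannot delegate to themselves")
        if not timedelta(0) < duration <= self.MAX_DURATION:
            raise ValueError("duration outside the allowed policy window")
        d = Delegation(owner, delegate, app, start, start + duration)
        self._grants.append(d)
        return d

    def resolve(self, user, app, now):
        """Return the owner `user` may act for in `app` at `now`, else None."""
        for d in self._grants:
            in_window = d.not_before <= now < d.not_after
            if d.delegate == user and d.app == app and in_window:
                return d.owner
        return None

def demo():
    # Constructed scenario: a manager is out for one week.
    store = DelegationStore()
    start = datetime(2015, 4, 6, 8, 0, tzinfo=timezone.utc)
    store.grant("manager", "associate", "crm", start, timedelta(days=7))
    during = start + timedelta(days=3)
    after = start + timedelta(days=7, seconds=1)
    return (
        store.resolve("associate", "crm", during),      # inside the window
        store.resolve("associate", "payroll", during),  # app not covered
        store.resolve("associate", "crm", after),       # window has closed
    )

if __name__ == "__main__":
    print(demo())
```

Because the delegate signs in with their own identity, the SSO audit trail can record who actually opened the application and on whose behalf.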
Another major modern-day issue with password management is that when end users have to enter a myriad of passwords just to access the applications they need to assist customers or patients, it can have an impact on their productivity. Especially for employees who are frequently moving to different computers, this process can become burdensome and a waste of time.
As mentioned earlier, an SSO solution can also be of assistance with this issue. Since users only need to enter their credentials one time, there is far less wasted time having to click around and enter credentials for each application they need to access, especially if they are frequently changing workstations.
With the increase of remote workers, and those who are using mobile devices, the need for an SSO solution is even greater. They often need to quickly access the network from wherever they are. Like those employees working in the office, they can easily enter their single complex password and access their applications to complete work with clients.
Another productivity issue can occur if your organization is experiencing a large volume of calls to the helpdesk for password resets, leading to issues for both your end users and the helpdesk employees. In this situation, a self-service password reset solution can help. For password resets, end users can easily reset their own passwords after correctly answering several security questions. This eliminates the need for them to stop what they are doing and call the helpdesk. Any organization wants their employees to be as productive as possible and a trivial password reset can result in much wasted time, and often an angry customer who is waiting.
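How the answer check behind a self-service reset can be built defensively, as an added example (not code from the article or any product). The `ResetChallenge` class, the PBKDF2 work factor, the lockout threshold and the sample questions and answers are assumptions; answers are stored only as salted hashes, every question is checked even after a miss, and repeated failures lock the challenge.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # assumed PBKDF2 work factor
MAX_FAILURES = 3       # assumed lockout threshold

def _digest(answer, salt):
    # Normalise case and spacing so "Rex" and " rex " hash identically.
    normalized = " ".join(answer.casefold().split())
    return hashlib.pbkdf2_hmac("sha256", normalized.encode(), salt, ITERATIONS)

class ResetChallenge:
    """Hypothetical store of enrolled security answers (hashes only)."""

    def __init__(self):
        self._enrolled = {}   # user -> {question: (salt, digest)}
        self._failures = {}   # user -> consecutive failed attempts

    def enroll(self, user, answers):
        record = {}
        for question, answer in answers.items():
            salt = os.urandom(16)
            record[question] = (salt, _digest(answer, salt))
        self._enrolled[user] = record
        self._failures[user] = 0

    def verify(self, user, answers):
        record = self._enrolled.get(user)
        if record is None or self._failures[user] >= MAX_FAILURES:
            return False      # unknown user, or locked: helpdesk must step in
        ok = set(answers) == set(record)
        # Check every question so timing does not reveal which one was wrong.
        for question, (salt, stored) in record.items():
            candidate = _digest(answers.get(question, ""), salt)
            ok &= hmac.compare_digest(candidate, stored)
        self._failures[user] = 0 if ok else self._failures[user] + 1
        return ok

def demo():
    # Constructed sample enrolment and attempts.
    c = ResetChallenge()
    c.enroll("jdoe", {"first pet": "Rex", "birth city": "Springfield"})
    good = c.verify("jdoe", {"first pet": " rex ", "birth city": "SPRINGFIELD"})
    wrong = {"first pet": "Rex", "birth city": "Shelbyville"}
    bad = [c.verify("jdoe", wrong) for _ in range(MAX_FAILURES)]
    locked = c.verify("jdoe", {"first pet": "Rex", "birth city": "Springfield"})
    return good, bad, locked

if __name__ == "__main__":
    print(demo())
```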
The Future of Passwords
So where are we going with passwords and the issues that they create? As technology evolves, how do we keep up with the password issues and ensure that they do not interfere with business, security and productivity? One way we see passwords evolving in the near future is pairing one of the solutions mentioned with two-factor authentication, or more advanced methods, such as biometrics. For example, two-factor authentication can be paired with SSO, so that users type in a single password, and also present their ID card to the reader and then automatically gain access to all of their applications. This ensures that there is an extra level of security, but that this authentication process does not need to be done for each one of their applications each time.
Two-factor authentication can also be paired with more advanced methods, such as biometrics. Biometrics is the use of the human body or traits to verify a user. For example, the human voice, retina scanning, facial recognition or fingerprints can be used to authenticate a user. Some computers are even able to read the user's signature and match it to their original signature in the system to verify the user.
Two-factor or multiple-factor authentication seems to be where we are heading with the future of authentication. This will allow organizations to provide the strongest security to their networks, without drastically interfering with the login process.
Are Password Management Solutions Worth the Money?
Though it might be an easy solution to implement, many managers and those in charge of budget at an organization do not see the benefit and ROI of a password management solution. They believe that it is just an additional expense that they cannot squeeze into their budget.
When you start to add up the costs of password issues, though, you can see what a large expense it can be. For a large organization a security breach can cost thousands of dollars, as well as an onslaught of bad publicity. The cost of a security breach can reach upwards of a couple million dollars for a larger organization. Additionally, once customers see that your system has been breached they are much less likely to want to do business with you; the cost of which is difficult to calculate.
What about everyday issues, such as password resets? META Group research conducted on behalf of PricewaterhouseCoopers found that helpdesk tickets average between $12 and $40 per call, and that 45 percent of all helpdesk calls are for password resets. So, for an organization with just 1,000 users this costs about $60,930 a year. A self-service password reset solution can be implemented one time and save the organization dollars for years to come, not to mention the cost of the time wasted by lost employee productivity.
Overall, employees are bound to face password issues in every organization and industry. It is how they are handled that can affect productivity and security. Simple password management solutions can ensure that issues are easily handled without hindering productivity and security. As technology evolves so will many of the issues organizations have with authentication processes, and password management solutions will have to stay one step ahead of these issues.