Guest post by Dean Wiech, managing director, Tools4ever.
Passwords are everywhere. Despite the endless headlines about their death and sure destruction in countless publications across the globe, passwords are and will continue to be used in nearly every business setting for the foreseeable future. Whether you’re a physician making the rounds in a hospital, a mechanic at a service garage, a CIO for a major software firm, a bank teller logging into several applications to assist customers or an employee at a manufacturer, chances are better than average that you access these systems with a user name and password.
Organizations of all sizes use credentials for their employees to ensure security of the information in their systems, and to protect against unwanted access to the data in the systems. As with any solution used, once in play there are bound to be some issues with these passwords. Regardless of how many passwords employees need to remember and how often they need assistance to reset them, passwords remain a crucial ingredient of a network’s security protocols.
Passwords: Where We Have Come
The first passwords were created in the 1960s for MIT’s Compatible Time-Sharing System. Passwords were first used because several users needed to access the system as unique entities. Each user created a password, which was then stored on the computer system. However, program leaders soon learned that this method of storage did not work after one user who wanted more time on the computer simply printed out the passwords from the machine and logged in as a different user than himself – since each user was only granted so much time per week under their identity. Thus, program leaders discovered that the program needed more secure methods for password usage and storage. This also was likely the first recorded data breach anywhere in the world.
The next phase led to encrypted passwords so that no one could easily go in to steal all of the users’ credentials, as was the case at MIT. Passwords began protecting secure information rather than just taking on a gatekeeper role. As they spread into business and workplaces worldwide, passwords became encryption devices that could not easily be hacked or pilfered.
Finally, millions of organizations began to rely on computers, obviously, for all of their business needs and users needed to enter credentials for each system they needed to access. To easily remember all of these passwords, users began to either use very simple passwords or the same password for each system. Again this became an issue since hackers utilized tools to easily compromise the password and gain access to the systems.
Where We Are Today
Welcome to today. As we know, organizations are overwhelmed by the issue of password breaches. Solution? To mitigate this problem, organizations often require employees to use complex passwords, each unique to the different systems they are using. To say the least, this process has evolved into a difficult mental exercise. According to a recent Tools4ever survey, end users access up to an average of 12 different systems and applications to perform their jobs. Humans are usually only capable of remembering about six complex passwords at the most. The rest get written down or filed on some random Excel sheet on the computer’s desktop. So what are they doing to remember all of their credentials?
Of course this defeats the purpose of the use of complex passwords for security, and often leads to frustration of users who take their anger out on the help desk, which is usually overwhelmed by such problems already. Think customer service is considered quality in these organizations? Usually not when these types of processes are in place.
The problems don’t end there. Employee productivity is cut when they must deal with these types of password maintenance issues. For example, every day in a typical healthcare setting, 91 minutes are wasted because of inefficient systems and workflows. On average, healthcare providers log in to workstations and applications 70 times per day and spend an average of only 46 percent of their time on direct patient care.
Think of the great things your teams could do if they didn’t have to worry about logging in and out of workstations as they care for patients. While the data accessed may differ from department to department and facility to facility, what remains the same is the fact that, if multiple passwords and login credentials are in play, there is a high probability that productivity is being negatively impacted. Providing direct access to systems and tools when and where it’s needed is key.
Password issues can also have a huge effect on your employees’ productivity. Think about how long it takes to resolve an issue when an employee is locked out of their account and needs to get a password reset. They need to contact the helpdesk, start a ticket, request that the helpdesk team reset the password, log in, then get back to the work they need to accomplish. All of this is time that is taken away from the project they are working on, or the patient they are supposed to be helping. On the technical side, depending on the size of the organization, password management can require a full-time position at a large organization, since one of the top calls to the helpdesk is for password resets.
Another problem with passwords: all the steps, or “clicks,” and authentication processes some employees need to take just to access their applications. When time is critical, such as in hospitals, or when customer service is a priority, every minute counts and passwords can become a deterrent. If nothing else, they can be a time waster, as the 91 lost minutes suggest.
It is when these issues start to affect the productivity of your employees that they become a problem. So as the password and authentication process has evolved and become increasingly complex, how can organizations easily resolve the issues that have come about?
Password Productivity Issues
We’ve established that password pains can impact productivity. This is especially true for employees who are frequently moving to different computers, like physicians. Not only can the process of logging in and out manually be a huge waste of time, it’s been shown to have an impact on care, helping erode caregivers’ time so that they spend as little as 46 percent with patients.
To be blunt, a single sign-on (SSO) solution can also be of assistance with this issue. Since users only need to enter their credentials one time for all of the systems they need to access there is far less wasted time created by their having to click around and enter credentials for each application they need to access on a regular basis, especially if they are frequently changing workstations. With the increase of employees using mobile devices to access their systems, the need for an SSO solution is even greater. They often need to quickly access the network from wherever they are.
Another productivity killer, as previously mentioned, is the occasional requirement to reset passwords. The typical scenario is for employees to call the helpdesk, which may be experiencing a large volume of calls for password resets. This means not only is the employee bogged down, but so too is the helpdesk team. In this situation, a self-service password reset solution is likely the best approach to getting productivity up to optimal levels. What that means is that you give employees the ability to reset their own passwords through the use of a simple online form. Users easily reset their own passwords after correctly answering several security questions. They do so without calling the help desk and get back to work quickly. Like any standard password reset option, this task can be done from anywhere, even the bedside of a patient.
Passwords: Where We Are Going
So where are we going with passwords and the issues that they create? As technology evolves, how do we keep up with the password issues and ensure that they do not interfere with business, security and productivity? One way we see passwords evolving in the near future is pairing one of the solutions mentioned (SSO and self-service password reset technology) with two-factor authentication, or more advanced methods, such as biometrics. For example, two-factor authentication can be paired with SSO, so that users type in a single PIN, and also present their ID card to the reader then automatically gain access to all of their applications. This ensures that there is an extra level of security, but that this authentication process does not need to be done for each one of their applications every time.
Two-factor authentication also can be paired with more advanced methods, such as biometrics. Biometrics is the use of the human body or traits to verify a user. For example, human voice, retina scanning, facial recognition or fingerprints can be used to authenticate a user. Some computers are even able to read the user’s signature and match it to their original signature in the system to verify the user.
Two-factor or multiple-factor authentication seems to be where we are heading with the future of authentication. This will allow organizations to provide the strongest security to their networks, without drastically interfering with the login process.
Password Management: Worth the Money?
Though these might be easy-to-implement solutions, many of those managing organizational budgets do not see the benefit and ROI of a password management solution; they believe that it is just an additional expense that they cannot squeeze into their budget.
Understood. But let’s add up the costs. Without such protections, we can see what large expenses they can be. For a large organization, a security breach can cost thousands of dollars as well as create an onslaught of bad publicity. The cost of a security breach can reach upwards of a couple million dollars. Additionally, once customers see that your system has been breached they are much less likely to want to do business with you; the cost of which is exceedingly difficult to calculate.
Everyday issues are a bit different. Specifically, issues surrounding password resets; seemingly innocuous issues until they are not. Research conducted on behalf of PricewaterhouseCoopers found that helpdesk tickets average between $12 and $40 per call, and that 45 percent of all helpdesk calls are for password resets. So, for an organization with just 1,000 users this costs about $60,930 a year. A self-service password reset solution can be implemented one time and save the organization dollars for years to come, not to mention the cost of the time wasted by lost employee productivity.
Overall, employees are bound to face password issues in every organization and industry. It is how they are handled that can affect productivity and security. Simple password management solutions can ensure that issues are easily handled without hindering productivity and security. As technology evolves so will many of the issues organizations have with authentication processes, and password management solutions will have to stay one step ahead of these issues.