How Lack of Password Management Solutions Frustrates Users and Increases Administration Headaches

Passwords are a required component of any computing environment, but they needn’t be painful. Using the correct tools available today, the problems of password management can be reduced to barely a blip on the task list of all users both internal and external.
Tools that manage password management are primarily responsible with taking much of this pain away from the user. These tools are designed to assist with the administration of a user’s password, primarily by creating for the user a centralized store of credentials and profiles. Within that centralized store, an individual can aggregate multiple passwords across multiple applications under a single “master” password. As Figure 1 shows, this master password is then used as the point of synchronization to the passwords on other systems.
By creating this centralized credential store for users, their responsibilities for password management and maintenance can be limited to the single master password. Any further passwords required by that user are then handled by the toolset itself. This frees users from the pain—and the organization from the productivity loss—of the password nightmare.
The safety of an organization’s data requires vigilant security. Ensuring passwords are current and properly created is critical to the assurance of that security. When passwords are widespread and complicated for users to manage, a cost is incurred by the enterprise. By doing nothing to assist users with the management and maintenance of their credentials, the organization incurs an unnecessary set of liabilities that impact:
- User productivity. When users are required to maintain large numbers of individual usernames and passwords for computing resources, a level of overhead is added to each individual user. That overhead is paid in terms of lost productivity.
- Environment security. The more restrictive the password policy, the more difficult those passwords are to crack. At the same time, more complex passwords mean more difficult passwords to remember. When passwords are difficult to remember, insecure alternative storage methods are used such as writing them down. This has the unintended tendency to reduce the overall security of the environment.
- Help Desk. Concurrently, when the management of passwords is challenging, an additional cost is placed on the Help Desk. That cost relates to the amount of time spent performing password management activities on behalf of the user. An opportunity cost is paid relating to other environment problems that could have been resolved by trained Help Desk personnel.
Considering the situation outlined earlier, it is easy to see the problems associated with unmanaged passwords. In an organization of any size, the pain of password management can be easily quantified by looking at the types of requests that are called into the Help Desk during any period of time. When a large number of Help Desk tickets relate to forgotten or otherwise mismanaged passwords, an easy conclusion can be drawn that users are having problems managing their credentials.
Let’s take a look now at some of the issues associated with unmanaged passwords and how failing to implement centralized credential management tools can negatively impact an enterprise.
How many usernames and passwords should a particular user be required to keep and manage? Ten? Two? Only one? Obviously, by requiring the management of fewer credentials, users gain the advantage of efficiency. Reducing that number to only a single password minimizes the overhead required for users to manage their own identities associated with their network access. By doing this, the process of logging into systems for performing their daily work becomes less painful for users when they needn’t try to remember which username and password is required for entry into that system.
There is another problem related to environment security: When users are required to manage large numbers of credentials, this invariably leads to those credentials being written down. Those notes are then stored in quasi-secured locations such as employee desks or sticky notes attached to monitors. This problem of writing down credentials is doubly problematic due to the physical location where they are stored.