Taming the Password: User Self Service for Password Management

Empower your end users, reduce costs, and improve compliance and security

By Dennis Oshiba, Principal Architect for A10 Networks

Overview

The use of passwords for end user authentication is still the most prevalent authentication method today, but because of the insecurity of using passwords, policies have to be implemented by organizations to help ensure passwords cannot be repudiated while balancing ease of use. Deploying user self service for passwords empowers end users to help themselves with common password problems such as forgotten passwords, while reducing overall costs.

When it comes to providing internal employee access to financial applications or resources, the financial services information technology industry, like other industries, relies on passwords as a critical mechanism. Although there are many techniques for authentication available today, use of passwords remain prevalent for the majority of internal end users.

The Challenges of Passwords

The requirements imposed on passwords today have evolved. Compliance or policy requirements may dictate that password complexity must be at least eight characters long and contain at least two alphabet characters, one number, and one symbol, and must not be a dictionary word or numeric sequence. Policy may also require that passwords are changed at a periodic interval, such as every 90 days, and that previous passwords cannot be reused.

With the advancement of technology, it is not uncommon for an organization to have multiple systems, legacy and new, with different password repositories. Thus end users may have multiple accounts, and potentially multiple passwords to remember. Requiring end users to change their passwords periodically can become a burden if they need to change their password in multiple places and the procedure of changing their passwords is different on each system.

While enforcing password policy may improve the overall security of using passwords, it also creates the problem of users remembering their password and if they have multiple passwords, the problem multiplies. Users are more likely now to forget their passwords and lock themselves out of their accounts. This typically results in end users writing passwords on a piece of paper thus defeating security measures.

End users then contact the help desk to assist with password resets or ask for instructions on how to change a password on a specific system. If the help desk person is not available, the end user is blocked from completing his work and must wait. This can be exceptionally frustrating when working remotely. And the result is increased help desk calls and decreased productivity.

Benefits of Deploying User Self Service for Passwords

The banking sector of the financial industry has been at the forefront of deploying self service techniques. The concept of self service is simple yet powerful. Empower users to help themselves and thus reduce costs while increasing productivity.

As an example, the automated teller machine, or ATM, has changed the way people make common financial transactions such as deposits or withdrawals from their personal savings accounts. The benefits to banks are:

• Reduce cost by not requiring a person such as a teller to provide the service to customers.
• Provide the service anytime, or 24x7. No longer are these services available from just 9:00 am to 4:00 pm on weekdays.

Most users today prefer dealing with the ATM than a teller for simple transactions, both for speed and reduction of potential human error or miscommunication.

Leading analyst firms suggest that 30% or more of help desk calls are related to password problems. Highly skilled information technology staff spend their time helping users reset their passwords. Similarly, organizations can benefit by deploying user self service for passwords by:

• Reducing the need for help desk staff to provide password services.
• Providing password services anytime, or 24x7, and thus minimizing end user downtime.

Solution: ID Series User Self-Service for Password Management

Why build your own solution for user self service for passwords? There are products on the market today, such as A10’s ID Series appliance with the User Self-Service Web Portal feature that are easy to install into your existing infrastructure and provide the service at a fraction of the cost with product support included.

A10’s User Self-Service Web Portal provides many benefits to organizations, including:

• Centralized password policy enforcement
• Password synchronization for multiple accounts
• Historical audit trail – know who has made a change, when and from where
• Reports for improved compliance
• Allows expiring passwords to be changed per policy, and sends email reminders
• Increased security, including non-repudiation of passwords, ensuring the user is the only person knowing there accounts password

The User Self-Service Web Portal includes additional advantages, which should always be considered when selecting a password management system as follows:

• Rapid and easy deployment
• Ease of use
• Cost saving
• Compliance
• Redundancy

A10 Networks’ User Self-Service Web Portal is an agent-less and client-less solution ensuring rapid “drop-in” deployment. It contains appliance-based versus per user licensing to ensure no additional licensing fees need to be contemplated.

Additional Considerations for Solution Evaluation

It is instructional to evaluate appliance versus software based solutions. Software solutions are attractive as they may be obtained instantly, but there are potential downsides such as incompatibilities in software system libraries or operating systems with the software application. The appliance model ensures there are no incompatibilities because the software, operating system, and hardware are tested and bundled as one. It also has built in security, versus installing software on a generic operating system (OS), which requires “hardening” the OS for security and can be time consuming or complex.

Additional elements to consider are ease of use, ROI and compliance. The solution must be so easy for the end user that they do not need to read a manual to use it. It should provide significant cost savings in the long term (ROI) or it will not make business sense to deploy. It should also help improve compliance with the regulations of the organization.

The last element to consider is redundancy. The end user’s password reset data as well as historical audit trail are critical information that cannot be lost. The ability to replicate this data to a hot standby unit in the event of service failure is essential to provide high availability of the service. The ability to schedule data backups is also a critical component to consider when evaluating solutions.

Conclusion

Any organization that uses passwords for end user authentication will benefit from deploying a user self service for passwords solution, such as A10’s ID Series appliance with the User Self-Service Web Portal feature. It makes life easier for the IT staff, saves money and increases productivity for the organization while satisfying business requirements, increasing security and compliance and keeping end users happy.

Dennis Oshiba is the Principal Architect for A10 Networks’ ID Series family of network identity management appliances. He has 17 years of enterprise IT experience, with a focus on security and identity management.