Simplifying secure access to applications in today increasingly more complex regulatory environments is a real challenge for nearly all IT organizations. The proliferation of passwords with audit satisfying policies for strength, frequency of change and even multi-factor authentication can have adverse affects on user and help desk productivity.
class=”MsoNormal” style=”margin: 0in 0in 0pt 0.5in”>Adding an enterprise single sign-on product to the Citrix product line up via Password Manger introduced a solution responding to the simplification issue facing users dealing with numerous passwords. Over the past several years, this has merged with the increasing need for improving security. Adding policy controls for password change, strength, frequency of change, and re-authentication before SSO credentials are submitted, are some examples.
class=”MsoNormal” style=”margin: 0in 0in 0pt 0.5in”>Changing user behavior is perhaps the biggest issue. Our surveys find most users have 3 to 10 password protected applications (as work) to manage with 80%+ relying on some assistance tools (e.g., the under-the-keyboard rolodex). A disturbing percentage of companies experience some type of breach in security due to password related access. Passwords frustrate users. Is there a better way to improve password hygiene while simultaneously improving user access to applications? Is the end-user managing their own passwords creating a more significant problem than we are willing to acknowledge?
class=”MsoNormal” style=”margin: 0in 0in 0pt 0.5in”>Here are some interesting stats from a recent survey:
class=”MsoNormal” style=”margin: 0in 0in 0pt 0.5in”>- 76% have systems that allow repeating the same password on multiple applications
- 41 % said all application passwords are assigned by the user; another 55% said some of the applications are assigned; some are set by the user.
- 55% require applications password changes every 1 to 3 months
class=”MsoNormal” style=”margin: 0in 0in 0pt 0.5in”>We think IT can increase user productive while simultaneously improving security. What do you think?