Friday, July 31, 2015

Wild Ways People Remember Passwords

Everyone has done it: used some kind of wild way to remember user names and passwords. Let’s face it, the rules for managing passwords are overwhelming. People are required to remember numerous sets of credentials for all of the systems and applications they need to access in their job and personal life, but it’s often too difficult to remember them all.

In addition, passwords often are required to be complex with several different symbols and characters, and they often need to be changed every month or so. Given all of the rules and parameters, how is anyone supposed to keep track of, and remember, all of this information on top of all the work they need to complete, PIN codes they need to recall and every other detail that takes up much needed bandwidth?

How do most people remember their passwords? Chances are they keep all of their pass codes in some type of non-secure method to remember them. Given my line of work with clients facing complex password issues, I’ve witnessed many wild ways that end users remember passwords. Frighteningly, some people even believe that their methods for password “storage” are safe and don’t realize that they are actually putting their organizations at risk.

Though organizational leaders may think that requiring employees to use complex passwords that get changed often is making their network secure, in reality this is often counterproductive and leads employees to use non-secure methods.

Here are just some of the wildest ways I’ve seen people store their passwords:
  1. Since employees feel they have to constantly log in, many folks keep their credentials in front of them, written on Post-It notes, pasted to their computer screen in plain sight of passersby. That just makes it a lot easier for hackers to gain access to critical information.
  2. Some people think that if they hide their passwords, this will keep their information more secure. Many employees, however, actually keep their password sheets in their desk drawer or under their keyboards, falsely assuming no one will just open the drawer or move the keyboard and take a peek.
  3. Recently, one of our employees visited the doctor’s office and saw that the receptionist actually had her passwords listed on a recipe card atop the desk next to her monitor in clear view of everyone coming and going. Next to that card were instructions – step by step — for accessing all of her accounts.
  4. Some people even use an invention that they believe is helping them keep their passwords safe: a type of notebook that looks like a phone book, allowing them to write down their passwords and organize them. Sure, this is good for organization, but what happens when someone finds the notebook and has access to all of the credentials?

Chances are, many employees in virtually every organization use these methods, but these strategies can cause security risks for any organization. Luckily, though, there are easy ways to stop employees from using such non-secure methods.

One way is with a simple single sign-on (SSO) solution. An SSO solution allows employees to create a single set of credentials for all of their systems and applications, eliminating the need to write down passwords or use other non-secure methods for storing their information. Employees simply log in with their credentials and thereafter are authenticated in each of their applications automatically when they are launched.


So, while it may be funny to read how employees remember their passwords, it won’t be funny when your organization faces a security breach because of it.

For more information, please visit our website.  

Friday, July 24, 2015

Opening up your Data to Customers and Partners

Where IT previously catered to internal employees needing access to information inside the company network, many organizations now find themselves in the preliminary stages of sharing information from their company networks with external clients. A wholesaler, for example, may offer clients a portal where they can view inventory and order status, their customer details, and outstanding invoices.
Ensuring the safe exchange of information with third parties is a whole other issue, as is the process of letting users authenticate themselves. However, the process is usually simple and, in most cases, can be managed automatically.

Identity Providers
In addition to providing access to employees, organizations are also becoming identity providers for external customers needing access to business information stored in the company network. External clients, such as a utility provider, who log in to the network via a portal must be able to easily authenticate themselves.

Most organizations choose to use their existing Active Directory for this authentication. After all, the Active Directory (AD) is an excellent credential store for employee user accounts.
Since most users also often have considerable AD experience, enabling optimum management and continuity, most organizations also choose to include an AD account for external customers who need to access their network. Organizations often enter into agreements with Microsoft to avoid paying Client Access License (CAL) fees unnecessarily for infrequently used AD accounts.
A drawback of adding customers to the internal AD is that the number of accounts increases significantly.

Organizations also often realize that they must have the identity lifecycle for third-party accounts fully under control. After all, if any customer can log in via the portal, this could result in potential financial damage. Thus, the organization must ensure that its AD is clean and up-to-date. All of this represents a major management burden for the IT department.
These issues can easily be solved, though, by using an identity management solution that enables real-time user account management for external customers.

The CRM Solution as Source System
Another consequence organizations face when deciding to add third-party accounts to the AD is that it involves a source system other than the one utilized for employees.

For employees, the HR system is often used to create network user accounts, but customer data comes from a CRM system. More often than not, CRM systems do not contain clean and up-to-date information, making them problematic to use as a source system for user accounts. If organizations want to act as an identity provider for external customers, this means they either need to optimize the content of their CRM, or look for another source system.


Organizations can address this problem by not populating the AD until the customers log in to the portal for the first time, enter their details and are granted access after internal validation. By creating a link between the CRM system and the AD, it is then possible to add to the customer details using information from the CRM system.
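The lifecycle control described above, keeping external AD accounts in step with the CRM source system through the link between them, can be sketched as a reconciliation pass. This is an added example, not code from the original post or from any product; the record layouts, field names, the 90-day idle window and all sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass
class CrmCustomer:            # hypothetical CRM export row
    customer_id: str
    active: bool

@dataclass
class ExternalAccount:        # hypothetical export of external AD accounts
    name: str
    customer_id: str          # link to the CRM record, set when access was validated
    enabled: bool
    last_logon: Optional[date]

def reconcile(customers, accounts, today, max_idle_days=90):
    """Map each enabled external account that should be disabled to the reason."""
    crm = {c.customer_id: c for c in customers}
    cutoff = today - timedelta(days=max_idle_days)
    findings = {}
    for acct in accounts:
        if not acct.enabled:
            continue                      # already disabled, nothing to do
        customer = crm.get(acct.customer_id)
        if customer is None:
            findings[acct.name] = "no matching CRM record"
        elif not customer.active:
            findings[acct.name] = "CRM customer inactive"
        elif acct.last_logon is None or acct.last_logon < cutoff:
            findings[acct.name] = "idle beyond window"
    return findings

# Constructed sample data, not taken from any real system.
SAMPLE_CUSTOMERS = [CrmCustomer("C100", True), CrmCustomer("C200", False),
                    CrmCustomer("C400", True), CrmCustomer("C500", True)]
SAMPLE_ACCOUNTS = [
    ExternalAccount("ext-acme", "C100", True, date(2015, 7, 20)),
    ExternalAccount("ext-borealis", "C200", True, date(2015, 7, 1)),
    ExternalAccount("ext-cobalt", "C300", True, date(2015, 7, 22)),
    ExternalAccount("ext-delta", "C400", True, date(2015, 1, 5)),
    ExternalAccount("ext-echo", "C500", False, None),
]

if __name__ == "__main__":
    today = date(2015, 7, 24)
    for name, reason in reconcile(SAMPLE_CUSTOMERS, SAMPLE_ACCOUNTS, today).items():
        print(f"{name}: disable ({reason})")
```
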

For more information, please visit our website

Friday, July 17, 2015

Hard and Soft Savings Must Factor into ROI, Especially for Health IT Solutions

No matter the industry, each time a purchase is made, business leaders always want to know what they are getting in return for their financial investment. Questions frequently asked include: “How is this going to help me?” and “What is my return on investment?” Another phrase, often uttered by “Mr. Wonderful” Kevin O’Leary from the popular show Shark Tank is, “What am I getting for my investment?”

By examining the answers to these questions, business managers and organizational leaders must ensure that their budget is being adhered to and that purchases by the organization are considered, or proven, not to be a “waste” of money. Often, return on investment (ROI) is a combination of both “hard” and “soft” costs and savings, which can often be difficult to determine. The “hard” cost is easy to define: What am I spending now versus what will I be spending on a different product, solution or system, or by doing nothing? Alternatively, how is this solution going to allow me to save money in the long run? In this scenario of “hard” costs and savings, there is a definitive dollar figure that can be applied to implementing a solution.

“Soft” savings are a bit more of a complex issue; they are more difficult to determine and to document. For example, time and labor saved, or stress saved by employees completing a task that takes 10 minutes versus 35 minutes are soft savings. Soft savings also might be seen in improvements in customer service or in the customer experience. It is difficult to put a dollar amount on these scenarios and improvements, but they do impact a business, its success and its financial performance.
Time is money, of course, but in the case of healthcare perhaps it’s more fitting to say that “time is life.” Such savings equate to valuable potential life-saving time, as we well know, and, in turn, improve patient care. As healthcare organizations seek ways to allow clinicians to focus more on patients rather than on information technology, there are some solutions available, many of which are often overlooked, that allow them to reach their goals. Some of these technology solutions provide a direct correlation between a physician’s ability to enter an information system, retrieve or enter information and get back to focusing on patient care. Essentially, with these types of solutions, like access and identity management, physicians can get back to work more quickly and their interaction with the technology is reduced.

Because of proven soft savings, most health executives are able to justify some expenses related to hard dollar investment for these types of solutions. For example, access management solutions allow IT leaders to automate account management processes (accessing system information, resetting passwords and ensuring proper access to proper individuals) rather than requiring hospital system admin employees to provision, delete and manage employees’ accounts. Thus, these employees can focus on more important issues and devote time to higher priorities.

In healthcare specifically, identity and access management software plays a key role in optimizing “hard” costs. It reduces costs by automating the user account lifecycle, allowing accounts to be quickly provisioned for clinicians or account changes to easily be made so that they have access to what they need, when they need it. Other password management solutions, such as single sign-on, further allow clinicians to easily move from room to room without needing to enter separate credentials for each application each time they switch computers or workstations.

Therefore, when deciding whether to purchase new IT solutions, healthcare leaders should keep in mind questions like, “How is this going to help me?” and “What is my return on investment?” At the same time, they also need to remember to keep soft dollar savings in mind.


For more information, please visit our website

Friday, July 10, 2015

Marywood University Case Study

Marywood University has implemented Tools4ever’s User Management Resource Administrator (UMRA). Located in Scranton, Penn., with more than 3,200 undergraduate and graduate students, and several hundred staff members, professors and other employees working at the university, the school needed an efficient way to provision user accounts.

With UMRA, the account management process at Marywood University is now fully automated so that no manual action needs to be taken by the IT staff. Once a student’s information is added into the Ellucian student information system, all appropriate accounts are automatically provisioned, a Gmail account is created and a password for the portal is generated.

Before adding Tools4ever’s UMRA, “It was an extremely time consuming, labor intensive challenge to provision portal accounts and corresponding Gmail addresses,” said Anthony Spinillo, chief information officer at Marywood University.

Spinillo added, “Our help desk would field dozens of calls per day because of long turnaround time on provisioning, but with UMRA, these calls dried up. Helpdesk staff now has much more time to help students and faculty with instructional technology issues.”


Marywood University also is planning to implement Tools4ever's Self Service Reset Password Manager (SSRPM), which will allow students and staff to easily and securely reset their own passwords without needing to contact the help desk. Doing so will free up more time for Marywood University’s help desk employees and allow students to be more productive.

For more information or to read the entire case study, please visit our website.