The job of IT security is to protect information and business applications from unauthorized access. For decades, the most common authentication method has been personal passwords, largely due to the fact that they are easy to implement, from both an IT and a user perspective. The problem is that passwords no longer meet the demands of modern IT security. Moreover, they generate unnecessary additional costs and often provide a poor end user experience.
As the number of applications and services rise, so too does the number of passwords. Many users today have ten passwords or more for their daily work. To simplify, many people choose passwords that are generic, based on the user’s name or simple number combinations, and use the same passwords for multiple applications. There is often no incentive to periodically change passwords.
The result is passwords that are easy to crack by unauthorized persons who, without leaving a trace, can access business-critical data or destroy valuable information assets.
To improve security, many organizations choose strong passwords, centrally generated based on a common security policy. The problem is that users, who have just as many passwords as they did before, have a harder time remembering combinations of upper- and lower-case letters and other characters, especially when passwords have to be changed every other month.
To prevent IT security from being an obstacle to work, many users with shared workstations also share passwords with their colleagues. Passwords on post-it notes stuck to the computer screen or in the desk drawer become a direct invitation to trespassing.
Business-critical company information in the wrong hands can have catastrophic consequences. Access to applications and support systems by unauthorized persons can lead to destroyed equipment, potentially culminating in costly production stops, missed deadlines, or lost business.
Traditional password management is costly in itself. According to Gartner Group, password issues account for more than 30 percent of all calls to a company’s in-house IT support center. Forrester Research estimates the costs of administering passwords to at least USD 200 per year and user.