Hitachi ID Password Manager Security Benefits
Password management, especially in a heterogeneous environment where each user has multiple passwords, has many inherent security problems. In many organizations, weak password management is the single largest security problem.
| Security problem | Description | Hitachi ID Password Manager (formerly P-Synch) solution |
| --- | --- | --- |
| Users write down passwords | Users with many passwords frequently write them down since they are too hard to remember. Written passwords may be attached to user workstations, stored in computer files, or carried around by users. None of these techniques are secure. | Password Manager helps users remember a single, strong password using password synchronization. |
| Users choose weak passwords | Users tend to pick simple, easy-to-remember passwords. Unfortunately, such passwords are also easy to guess, and password cracking software can easily find them. Some computer systems offer password strength enforcement, but usually only a few rules are available, and the same rules are not available on different types of systems. | Password Manager can enforce a single, strong and uniform password strength policy across every system in the enterprise. |
| Users never change their passwords | Over time, users may share their passwords with friends or co-workers. The best way to overcome this problem is to change passwords regularly. Unfortunately, users are reluctant to do this, and only some systems can force users to change their passwords often. | Password Manager can prompt users to change all of their passwords regularly. |
| Support staff reset passwords for unauthorized callers | When users forget their passwords, they call the help desk and ask for a password reset. The help desk may reset the caller's password with little or no proof of the identity of the caller. | Password Manager allows users to reset their own password, after being properly authenticated. It also integrates user authentication into the help desk password reset facility. |
| Too many people have administrative rights | Without Password Manager, many front-line support staff may have administrative rights to many systems, so that they can reset passwords for callers. A large number of people with administrative rights presents a serious security problem. | Password Manager allows front-line support staff to reset passwords on every system without having an account on those systems. This significantly reduces the number of people with administrative rights on the network. |
| There is no audit trail for password resets | Without Password Manager, there may be no way to tell who reset a user's password, when or why. | Password Manager logs administrator logins, user IDs, host IDs, time and date and password reset results. |

Password Manager improves the security of authentication processes:
- A strong, uniform password policy prevents the use of easily guessed passwords and ensures that all passwords are changed regularly.
- Password synchronization discourages written passwords ("sticky notes").
- Consistent, reliable authentication processes ensure that users are reliably identified before accessing sensitive services, such as a help desk password reset.
- IT support staff can be empowered to assist callers without having administrator accounts on every system and application.
- Extensive audit logs create accountability for password resets.
- Encryption ensures that passwords are not stored or transmitted in plaintext.