
The problem with password policies and its impact on productivity

%&T$9F$. .... This might either have been my old PC login, or the abuse thrown at my CTO when I got back to work this year and found the password no longer worked.

Wasting 45 minutes while I tracked him down to reset it was not the most productive way of starting 2006 either.

Password policies have become the bane of corporate life. A breach can have devastating consequences for a company, so it's no surprise that more and more organisations now force their staff to use strong passwords and reset them on a monthly, or even more frequent, basis. The downside of this is that it's human nature to forget important things like passwords. And when we do, not only do we create additional work for our IT departments, but we lose otherwise productive work time.


reckons that forgotten passwords cost the average US company some $250 per employee per year. Over here, at least two large companies I have spoken to estimate about 40% of their IT helpdesk time is taken up with password-related queries.

Given this significant and ongoing cost, it's puzzling that companies don't take secure sign-on more seriously.

The principle of secure sign-on is that a token or key, such as a fingerprint, is used to authenticate the user. To log on to an application, the individual will scan their finger[print] - if identified, the secure sign-on software will automatically enter the password relevant to the application, thus allowing the individual to gain access to their program.

South Africa would seem an obvious candidate for secure sign-on. Corporates generally have good IT systems and are security-conscious. What's more, the country is viewed as a pioneer in the use of biometrics - companies here were using fingerprints to open doors or clock staff in and out long before the Americans or Europeans.


Yet we lag behind the States and Europe when it comes to logical access control. Walk into a major corporation anywhere from Houston to Paris and you'll see staff swiping their fingers to log onto their workstations.

But in Joburg and Cape Town we still tap away at our keyboards, exposing ourselves and our systems to any number and every manner of intercepts - from a casual observer spotting a password to a spyware program logging our keystrokes. So why haven't South African companies embraced logical biometric access systems in the way they have physical ones?

The perceived cost of putting fingerprint readers on every PC is an issue. Even in bulk, the hardware will cost a few hundred rand per PC - and that's without licences or training costs and rollout management.

It's possible that the lack of a suitable local product has also been a deterrent. Most logical access systems require a fair degree of customisation to comply with individualised security policies - and it gets quite pricey to fly in a consultant every time a configuration needs to be changed.


For companies that want the benefits of a secure password management facility without the cost of putting fingerprint readers at every workstation, a solution such as the password reset kiosk is ideal.

The principle is simple. If a user forgets their password, instead of the frustrating and time-consuming process of calling the help desk, the absent-minded employee will stroll over to the password reset kiosk. They type in their name, authenticate themselves by scanning their finger and then create a new password. The whole process takes a matter of seconds.

Productivity loss falls, helpdesks have time to concentrate on genuine support issues ..... and there's one less excuse for calling the CTO a w&%6#r.

About the author: Charlie Stewart is the marketing director of fingerprint authentication systems provider, transmetriX.
