(By Info-Tech Analyst James Quin- Printed with permission from Processor Magazine www.processor.com).
Passwords. Just saying the word can be enough to send shivers down the spines of users and administrators alike. Users have too many to remember, and administrators have too many to reset. What was supposed to be an efficient and cost-effective way of providing secure authentication has become one of the biggest problems that enterprises face. Give everyone a break and move away from passwords.
Understanding The Nature Of The Beast
Though it is difficult to find definitive statistics on how many passwords the average corporate user has to remember, four or five is likely a reasonable (if not conservative) estimate. If this number is then multiplied by the number of times a year that these passwords must be reset, the count of passwords that need to be remembered rises significantly. Even if we assume a lackadaisical expiry rate of every 90 days, four or five passwords suddenly become 16 or 20 a year. Then, when we consider that these passwords must be a minimum number of characters in length (eight being the norm) and follow complex construction rules (upper- and lower-case letters, numbers, and special characters), is it any wonder that users forget their passwords?