Manufacturers' password malevolence
Passwords are everywhere, and manufacturing is no different, even if the headlines from specialty publications tell us otherwise. No matter your position, passwords will continue to be used in nearly every business setting, manufacturing included, for the foreseeable future and beyond. At the same time, we will continue to see the rise of biometric and other technologies in the market. Whether you are a CEO, plant manager or line operator serving as the engine of manufacturing, chances are very high that you need access to systems and are using a user name and password to gain entry.
Manufacturers of all sizes in nearly every sector of the globe use passwords and access credentials as the gateway into their respective information systems to view, manipulate and change data as required. That passwords and similar access tools are used to gain access to information does not mean they are impenetrable. Other issues are likely to cause trouble, too; passwords are no nirvana, after all. Even so, regardless of how many passwords your plant’s employees must remember and how often they need assistance in resetting them, passwords are a crucial ingredient in a network’s security protocols.
Passwords: a history
The first passwords were created in the 1960s for MIT's Compatible Time-Sharing System. These passwords were first used by students in the program, who were required to access the system as individual entities. As the story goes, each student user created a password; however, the program’s leaders soon learned that this method of storage did not work when they discovered that one user who wanted more time on the computer had simply printed out the passwords from the machine and logged in as a different user. This was a problem because each user was only granted so much time on the computer per week under their identity. Program leaders quickly found that this manner of storing passwords was not practical for protecting information or keeping others from accessing other students’ profiles. A more secure method was needed, they theorized, even on the first computer ever used. On another note, this also was likely the first recorded data breach anywhere in the world.
Next in the history of passwords came the development of encrypted passwords, still used today, so that no user could easily steal another user’s credentials, as was the case at MIT. Passwords were then developed to protect secure information rather than just taking on a gatekeeper role. As they spread into business and workplaces worldwide, passwords became encryption solutions that could not easily be hacked.
As you know, millions of organizations have since adopted password protocols and rely, of course, on computers and devices for their business needs, and users enter credentials for each system they must access. However, this has meant that, in order to remember their passwords, users began to use either very simple passwords or the same password for each system. Or they simply wrote them down at their station or somewhere near their workstations on the floor.
A survey by the National Institute of Standards and Technology (NIST) at the US Department of Commerce found that the average person has nine work-related sets of credentials – five that are frequently utilized and four that are only needed occasionally. When password complexity, history and frequency of changes are factored in, the time spent by a member of your plant managing passwords can be substantial, not to mention what happens when a password is forgotten and needs to be reset. NIST also shows that employees are becoming overwhelmed with passwords because of different requirements between systems, especially when frequent changes are required, and that your employees become frustrated because of forgotten passwords.
So how do most employees deal with password fatigue? Simple – they write them down. Sometimes the passwords are in plain sight, such as on a sticky note on the monitor or under the computer keyboard at their workstation, or even near a shared workstation on the plant floor. At other times, they are jotted on a piece of paper in a wallet or purse, or kept in a note on a phone. Regardless of the method, writing down a user name and password introduces a security risk that does not need to exist.
Today, passwords overwhelm us. They are complicated. There are too many of them, and the rules for managing them are too complex. According to a recent Tools4ever survey, users access up to an average of 12 different systems and applications to perform their jobs. Humans are usually only capable of remembering about six complex passwords at the most.
Your employees’ productivity is cut when they must deal with these types of password maintenance issues. Managing employee password access can be overwhelming for your plant’s IT structure, too. How long does it take to resolve an issue when an employee is locked out of his or her account and must receive a password reset? Even this process is convoluted: employees contact the helpdesk, start a ticket, request that the helpdesk team reset the password, log in again and then get back to the work they need to accomplish. All of this is wasted time taken away from the project the employee was working on. Technically speaking, depending on the size of the organization, password management can require a full-time position or more at large manufacturers, since one of the top calls to the helpdesk is for password resets.
Another problem with passwords is all the clicks and authentication steps some employees need to take just to access their applications. When time is critical, every minute counts and passwords can become a deterrent. It becomes an issue when these problems start to affect the productivity of your employees. So as the password and authentication process has evolved and become increasingly complex, how can organizations easily resolve the issues that have come about?
Pressing out password pains
Single sign-on (SSO) protocols can assist with password pains. Through such solutions, users only enter their credentials (password and user name) one time for all systems. For password resets, self-service password reset technology is likely the best approach. Employees reset their own passwords through a simple online form, and they can do this from anywhere: headquarters, the plant floor, on delivery routes or while traveling. Users reset their own passwords after correctly answering a few security questions, without the need to contact the helpdesk or the IT department.
Future of passwords
As technology evolves, one of the solutions mentioned (SSO and self-service password reset technology) is expected to be paired in the near future with two-factor authentication or more advanced methods like biometrics. Two-factor authentication can be paired with SSO so that users type in a single PIN, present their ID card to the reader and automatically gain access to all of their applications.
Two-factor authentication also can be paired with biometrics. Biometrics, of course, is the use of an individual’s body (like a fingerprint or veins in the hand) or traits to verify a user. Some methods even use human voice, retina scanning, facial recognition or fingerprints to authenticate a user. Two-factor or multiple-factor authentication is where the future of authentication is heading, meaning stronger security for organizations’ networks without drastically interfering with the login process.
Employees are bound to face password issues in every organization and industry. It is how those issues are handled that can affect productivity and security. Simple password management solutions can ensure that issues are easily handled without hindering productivity and security. As technology evolves, so will many of the issues organizations have with authentication processes, and password management solutions will have to stay one step ahead of these issues.
Increasing employee satisfaction while balancing security needs can put your IT department in a difficult position, too. They want to minimize the employee inconvenience of remembering numerous sets of credentials, while also maintaining the security associated with complex passwords and eliminating written-down passwords.
Fortunately, there are many commercially available software solutions to solve both of these issues. Many organizations start out with something as simple as password synchronization. When a user changes their network password, it is synchronized across the numerous systems. While this solution can work and is appealing from the standpoint that an end user now only has one password to remember, there are some potential pitfalls. The first issue that can arise is usernames. The network may have j.doe while ERP has JohnDoe and HR may have John_Doe. The second potential issue deals with password complexity and history rules. One system may need eight characters while another needs 10; one system may accept special characters while another cannot; one system may need a change every 60 days while another needs a change every 90 days.
Although these issues can be resolved by using translation tables for user names and password complexity rules that address the least common denominator, it is not always a simple, error-free configuration. It also requires intervention to identify all the username differences between the systems in an organization.
You can resolve the password issue with SSO, which lets users log in to a secure portal or use their network authentication to access the systems and apps required for their position. Once the single credential is verified, all of them are opened and presented on the user's device or computer. The first time a user launches an app, he or she provides the proper credentials. Going forward, those credentials are remembered and provided automatically. There is no further need to remember each individual user name and password for all systems used in the course of a day.
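The sketch below is an added example, not code from the article or from any vendor product. It shows the translation table and the "least common denominator" rule set for three constructed systems; the `Policy` fields, the maximum lengths and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    min_len: int          # minimum password length the system enforces
    max_len: int          # longest password the system can store (assumed)
    allows_special: bool  # whether special characters are accepted
    max_age_days: int     # forced change interval

# Constructed sample systems; lengths and change intervals echo the text.
POLICIES = {
    "network": Policy(8, 64, True, 60),
    "erp":     Policy(10, 16, False, 90),
    "hr":      Policy(8, 32, True, 90),
}
# Translation table: network login -> account name in each connected system.
USERNAMES = {"j.doe": {"network": "j.doe", "erp": "JohnDoe", "hr": "John_Doe"}}

def common_policy(policies):
    """Rule set that every connected system will accept."""
    merged = Policy(
        min_len=max(p.min_len for p in policies.values()),
        max_len=min(p.max_len for p in policies.values()),
        allows_special=all(p.allows_special for p in policies.values()),
        max_age_days=min(p.max_age_days for p in policies.values()),
    )
    if merged.min_len > merged.max_len:
        raise ValueError("no password length satisfies every system")
    return merged

def check_password(pw, policy):
    """Return the list of rule violations (empty means it can be synced)."""
    problems = []
    if not policy.min_len <= len(pw) <= policy.max_len:
        problems.append(f"length must be {policy.min_len}-{policy.max_len}")
    if not policy.allows_special and not pw.isalnum():
        problems.append("special characters not accepted by every system")
    return problems

def sync_plan(login, pw):
    """Map one network password change to the per-system account names."""
    problems = check_password(pw, common_policy(POLICIES))
    if problems:
        raise ValueError("; ".join(problems))
    missing = set(POLICIES) - set(USERNAMES.get(login, {}))
    if missing:
        raise KeyError(f"no username mapping for {login} in {sorted(missing)}")
    return {system: USERNAMES[login][system] for system in POLICIES}
```

The merged rules are capped by the most restrictive system: in this sample, the ERP limit of 16 characters with no special characters applies to every synchronized password.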
This can even be taken several steps further from a security perspective. The credentials can be pre-loaded into their SSO profile so the user never even realizes there are different credentials for each app. However, if they attempted access from outside the portal, access would be denied. Also, an administrator could inactivate a user’s SSO profile, immediately removing access to all applications. The SSO portal can also be locked down, by user and application, to specific device types, time of day, IP range and internal or external network connections.
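The lock-down described above can be expressed as a deny-by-default policy check. This is an added example, not code from the article or from any SSO product; the rule layout, user names, IP ranges and the `decide` function are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    devices: frozenset  # device types allowed for this user/application pair
    start: time         # earliest permitted time of day
    end: time           # latest permitted time of day
    networks: tuple     # permitted source IP ranges

# Constructed policy: keys are (user, application); all values are made up.
INTERNAL = ip_network("10.20.0.0/16")
RULES = {
    ("j.doe", "erp"): Rule(frozenset({"workstation"}), time(6), time(18),
                           (INTERNAL,)),
    ("j.doe", "hr"): Rule(frozenset({"workstation", "tablet"}), time(0),
                          time(23, 59), (INTERNAL, ip_network("203.0.113.0/24"))),
}
DISABLED = set()  # SSO profiles an administrator has inactivated

def in_window(now, start, end):
    """Time-of-day check that also handles shifts crossing midnight."""
    return start <= now <= end if start <= end else now >= start or now <= end

def decide(user, app, device, source_ip, now):
    """Return (allowed, reason); anything without a matching rule is denied."""
    if user in DISABLED:
        return False, "profile inactive"
    rule = RULES.get((user, app))
    if rule is None:
        return False, "no rule for user/application"
    if device not in rule.devices:
        return False, "device type"
    if not in_window(now, rule.start, rule.end):
        return False, "time of day"
    if not any(ip_address(source_ip) in net for net in rule.networks):
        return False, "source network"
    return True, "ok"
```

Adding a user to `DISABLED` denies every application at once, which mirrors the administrator inactivating the SSO profile.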
It is also possible to add two-factor authentication (2FA) to the portal or to sensitive applications, requiring the use of a PIN or biometrics, smart cards, etc. for access. A significant reduction in frustration and password fatigue can be experienced when a smart card is used as a replacement for passwords for the majority of users.
Fortunately, there are many commercially available solutions for this problem, as well. Applications that allow users to reset their network password from the Windows login screen or a web portal on a kiosk computer are relatively inexpensive and easy to deploy. The user simply answers challenge questions provided during an enrollment phase and can reset their password immediately. This is especially useful for people working on shifts when the helpdesk may not be open. If utilizing a password sync model, this new password is immediately set in all connected applications. If using an SSO model, the user can now regain access to the network and the portal.
Password frustration and fatigue are real issues and are only getting worse, but you can streamline this process across multiple organizations and business types – like a plant and the business office. By using a single, simple password across multiple websites and applications, you can eliminate writing down passwords while increasing security and efficiency for everyone involved.
Dean Wiech is managing director of Tools4ever US.
Siemens: Providing the First Industrial 5G Router
Across a number of industry sectors, there’s a growing need for both local wireless connectivity and remote access to machines and plants. In both of these cases, communication is, more often than not, over a long distance. Public wireless data networks can be used to enable this connectivity, both nationally and internationally, which makes the new 5G network mainframe an absolutely vital element of remote access and remote servicing solutions as we move into the interconnected age.
Siemens Enables 5G IIoT
The eagerly awaited Scalance MUM856-1, Siemens’ very first industrial 5G router, is officially available to organisations. The device has the ability to connect all local industrial applications to the public 5G, 4G (LTE), and 3G (UMTS) mobile wireless networks – allowing companies to embrace the long-awaited Industrial Internet of Things (IIoT).
The router can be used to remotely monitor and service plants, machines, as well as control elements and other industrial devices via a public 5G network – flexibly and with high data rates. This is something that has been in incredibly high demand after being teased by the leading network providers for years.
Scalance MUM856-1 at a Glance
- Scalance MUM856-1 connects local industrial applications to public 5G, 4G, and 3G mobile wireless networks
- The router supports future-oriented applications such as remote access via public 5G networks or the connection of mobile devices such as automated guided vehicles in industry
- A robust version in IP65 housing for use outside the control cabinet
- Prototypes of Siemens 5G infrastructure for private networks already in use at several sites
“To ensure the powerful connection of Ethernet-based subnetworks and automation devices, the Scalance MUM856-1 supports Release 15 of the 5G standard. The device offers high bandwidths of up to 1000 Mbps for the downlink and up to 500 Mbps for the uplink – providing high data rates for data-intensive applications such as the remote implementation of firmware updates. Thanks to IPv6 support, the devices can also be implemented in modern communication networks.
Various security functions are included to monitor data traffic and protect against unauthorised access: for example, an integrated firewall and authentication of communication devices and encryption of data transmission via VPN. If there is no available 5G network, the device switches automatically to 4G or 3G networks. The first release version of the router has an EU radio license; other versions with different licenses are in preparation. With the Sinema Remote Connect management platform for VPN connections, users can access remote plants or machines easily and securely – even if they are integrated in other networks. The software also offers easy management and autoconfiguration of the devices,” Siemens said.
Preparing for a 5G-oriented Future
Siemens has announced that the new router can also be integrated into private 5G networks. This means that the Scalance MUM856-1 is, essentially, future-proofed when it comes to 5G adaptability; it supports future-oriented applications, including ‘mobile robots in manufacturing, autonomous vehicles in logistics or augmented reality applications for service technicians.’
And, for use on sites where conditions are a little harsher, Siemens has given the router robust IP65 housing – it’s “dust tight”, waterproof, and immersion-proofed.