Manufacturers' password malevolence
Passwords are everywhere and manufacturing is no different, even if the headlines from specialty publications tell us otherwise. No matter your position, passwords, even in manufacturing, will continue to be used in nearly every business setting well beyond the foreseeable future. Additionally, we will continue to see the rise of biometric and other technologies in the market. Whether you are a CEO, plant manager or line operator serving as the engine of manufacturing, chances are very high that you need access to systems and are using a user name and password to gain entry.
Manufacturers of all sizes in nearly every sector of the globe use passwords and access credentials as the gateway into their respective information systems to view, manipulate and change data as required. That passwords and other similar access tools are used to gain access to information does not mean they are impenetrable. Other issues are likely going to be trouble, too; passwords are no nirvana after all. Still, regardless of how many passwords your plant’s employees must remember and how often they need assistance in resetting them, passwords are a crucial ingredient of a network’s security protocols.
Passwords: a history
The first passwords were created in the 1960s for MIT's Compatible Time-Sharing System. These passwords were first used by students in the program who were required to access the system as individual entities. As the story goes, each student user created a password; however, the program’s leaders soon learned that this method of storage did not work once they discovered that one user who wanted more time on the computer simply printed out the passwords from the machine and logged in as a different user. This was a problem because each user was only granted so much time on the computer per week under their identity. Program leaders quickly found that this manner of storing passwords was not practical for protecting information or keeping others from accessing other students’ profiles. A more secure method was needed, they theorized, even on the first computer ever used. On another note, this also was likely the first recorded data breach anywhere in the world.
Next in the history of passwords, we saw the development of encrypted passwords – still used today – so that no one user could easily steal another user’s credentials, as was the case at MIT. Passwords then were developed to protect secure information rather than just taking on a gatekeeper role. As they spread into business and workplaces worldwide, passwords became encryption solutions that could not easily be hacked.
As you know, millions of organizations have since adopted password protocols and are relying, of course, on computers and devices for their business needs – and users enter credentials for each system they must access. However, this has meant that for passwords to be remembered by users, they began to use either very simple passwords or the same password for each system. Or they simply wrote them down at their station or somewhere near their workstations on the floor.
A survey by the National Institute of Standards and Technology (NIST) at the US Department of Commerce found that the average person has nine work-related sets of credentials – five that are frequently utilized and four that are only needed occasionally. When password complexity, history and frequency of changes are factored in, the time spent by a member of your plant managing passwords can be substantial, not to mention what happens when a password is forgotten and needs to be reset. NIST also shows that employees are becoming overwhelmed with passwords because of different requirements between systems, especially when frequent changes are required, and your employees become frustrated because of forgotten passwords.
So how do most employees deal with password fatigue? Simple – they write them down. Sometimes the passwords are in plain sight, such as emblazoned on a sticky note on the monitor or under the computer keyboard at their workstation, or even near a shared workstation on the plant floor. At other times, they are jotted on a piece of paper in a wallet or purse or kept in a note on a phone. Regardless of the method, writing down a user name and password introduces a security risk that does not need to exist.
Today, passwords overwhelm us. They are complicated. There are too many of them, and the rules for managing them are too complex. According to a recent Tools4ever survey, users access up to an average of 12 different systems and applications to perform their jobs. Humans are usually only capable of remembering about six complex passwords at the most.
Your employees’ productivity is cut when they must deal with these types of password maintenance issues. Managing employee password access can be overwhelming for your plant’s IT structure, too. How long does it take to resolve an issue when an employee is locked out of his or her account and must receive a password reset? Even this process is convoluted: Employees contact the helpdesk, start a ticket, request that the helpdesk team reset the password, log in again, then get back to the work they need to accomplish. All of this is wasted time taken away from the project the employee was working on. Technically speaking, based on the size of the organization, password management can require a full-time position or more at large manufacturers, since one of the top calls to the helpdesk is for password resets.
Another problem with passwords: all the clicks and authentication processes some employees need to go through just to access their applications. When time is critical, every minute counts and passwords can become a deterrent. When these issues start to affect the productivity of your employees, they become a problem. So as the password and authentication process has evolved and become increasingly complex, how can organizations easily resolve the issues that have come about?
Pressing out password pains
Single sign-on (SSO) protocols can assist with password pains. Through such solutions, users only enter their credentials (password and user name) one time for all systems. Also, in the case of password resets, self-service password reset technology is likely the best approach. Employees reset their own passwords through a simple online form, and they can do this from anywhere: headquarters, the plant floor, on delivery routes or while traveling. Users reset their own passwords after correctly answering a few security questions without the need to contact the helpdesk or the IT department.
Future of passwords
As technology evolves, one of the solutions mentioned (SSO and self-service password reset technology) is likely to be paired in the near future with two-factor authentication or more advanced methods like biometrics. Two-factor authentication can be paired with SSO so that users type in a single PIN, present their ID card to the reader and automatically gain access to all of their applications.
Two-factor authentication also can be paired with biometrics. Biometrics, of course, is the use of an individual’s body (like a fingerprint or veins in the hand) or traits to verify a user. Some methods even use human voice, retina scanning, facial recognition or fingerprints to authenticate a user. Two-factor or multiple-factor authentication is where we are heading with the future of authentication, meaning stronger security for organizations’ networks without drastically interfering with the login process.
Employees are bound to face password issues in every organization and industry. It is how they are handled that can affect productivity and security. Simple password management solutions can ensure that issues are easily handled without hindering productivity and security. As technology evolves so will many of the issues organizations have with authentication processes, and password management solutions will have to stay one step ahead of these issues.
Increasing employee satisfaction while balancing security needs can put your IT department in a difficult position, too. On one hand, they want to minimize the employee inconvenience of remembering numerous sets of credentials; on the other, they must maintain the security associated with complex passwords and eliminate passwords being written down.
Fortunately, there are many commercially available software solutions to solve both of these issues. Many organizations start out with something as simple as password synchronization. When a user changes their network password, it is synchronized across the numerous systems. While this solution can work and is appealing from the standpoint that an end user now only has one password to remember, there are some potential pitfalls. The first issue that can arise is usernames. The network may have j.doe while ERP has JohnDoe and HR may have John_Doe. The second potential issue deals with password complexity and history rules. One system may need eight characters while another needs 10; one system may accept special characters while another cannot; one system may need a change every 60 days while another needs a change every 90 days.
While these issues can be resolved by using translation tables for user names and password complexity rules that address the least common denominator, it is not always a simple, error-free configuration. It also requires intervention to identify all the username differences between the systems in an organization.
You can resolve the password issue with SSO, which lets users log in to a secure portal or use their network authentication to access the systems and apps required of their position; once the single credential is verified, all are opened and presented on their device or computer. The first time a user launches an app, he or she provides the proper credentials. Going forward, those credentials are remembered and provided automatically. There is no further need to remember each individual user name and password for all systems used in the course of a day.
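The following sketch is an added example, not code from the article or from any vendor's product; it shows how a "least common denominator" policy and a username translation table for password synchronization can be derived and checked. The system names, length limits and the a.smith account are constructed; the 8/10-character, special-character and 60/90-day differences and the j.doe names follow the article.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    min_len: int
    max_len: int
    specials_allowed: bool
    specials_required: bool
    max_age_days: int

# Constructed sample data: system names, limits and accounts are illustrative.
SYSTEMS = {
    "network": Policy(8, 64, True, False, 90),
    "erp": Policy(10, 16, False, False, 60),
    "hr": Policy(8, 32, True, False, 90),
}
USERNAMES = {  # translation table keyed by network login
    "j.doe": {"erp": "JohnDoe", "hr": "John_Doe"},
    "a.smith": {"erp": "AnnSmith"},  # HR mapping missing on purpose
}

def common_policy(systems):
    """Return the one rule set that every connected system will accept."""
    ps = list(systems.values())
    merged = Policy(
        min_len=max(p.min_len for p in ps),      # longest minimum wins
        max_len=min(p.max_len for p in ps),      # shortest maximum wins
        specials_allowed=all(p.specials_allowed for p in ps),
        specials_required=any(p.specials_required for p in ps),
        max_age_days=min(p.max_age_days for p in ps),  # shortest rotation wins
    )
    if merged.min_len > merged.max_len:
        raise ValueError("length rules cannot be reconciled")
    if merged.specials_required and not merged.specials_allowed:
        raise ValueError("special-character rules cannot be reconciled")
    return merged

def sync_targets(network_login, systems, table):
    """Map a network login to each system's account name and report gaps."""
    mapping = table.get(network_login, {})
    targets, missing = {"network": network_login}, []
    for name in systems:
        if name == "network":
            continue
        if name in mapping:
            targets[name] = mapping[name]
        else:
            missing.append(name)  # needs manual identification before syncing
    return targets, missing
```

With this sample data the synchronized password is limited to 10 to 16 characters with no special characters, so the most restrictive connected system sets the ceiling on password strength for every other system.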
This can even be taken several steps further from a security perspective. The credentials can be pre-loaded into their SSO profile so the user never even realizes there are different credentials for each app. However, if they attempted access from outside the portal, access would be denied. Also, an administrator could inactivate a user’s SSO profile, immediately removing access to all applications. The SSO portal can also be locked down, by user and application, to specific device types, time of day, IP range and internal or external network connections.
It is also possible to add two-factor authentication (2FA) to the portal or sensitive applications, requiring the use of a PIN or biometrics, smart cards, etc. for access. A significant reduction in frustration and password fatigue can be experienced when a smart card is used as a replacement for passwords for the majority of users.
Fortunately, there are many commercially available solutions for this problem, as well. Applications that allow users to reset their network password from the Windows login screen or a web portal on a kiosk computer are relatively inexpensive and easy to deploy. The user simply answers challenge questions provided during an enrollment phase and can reset their password immediately. This is especially useful for people working on shifts when the helpdesk may not be open. If utilizing a password synch model, this new password is immediately set in all connected applications. If using an SSO model, the user can now regain access to the network and the portal.
Password frustration and fatigue are real issues and are only getting worse, but you can streamline this process across multiple organizations and business types – like a plant and the business office. Using a single, simple password across multiple websites and applications, you can eliminate writing down passwords while increasing security and efficiency for everyone involved.
Dean Wiech is managing director of Tools4ever US.