{"id":1539,"date":"2017-01-27T13:08:06","date_gmt":"2017-01-27T17:08:06","guid":{"rendered":"https:\/\/solutionsreview.com\/identity-management\/?p=1539"},"modified":"2017-01-27T13:08:06","modified_gmt":"2017-01-27T17:08:06","slug":"common-mistakes-in-enterprise-password-management-policies","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/identity-management\/common-mistakes-in-enterprise-password-management-policies\/","title":{"rendered":"Common Mistakes in Enterprise Password Management Policies\u00a0"},"content":{"rendered":"<div style=\"text-align: justify\"><em><span style=\"color: #6c7174;font-family: Calibri, sans-serif;font-size: small\"><span style=\"color: black\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-1540\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2017\/01\/password-wall.jpg\" alt=\"password-wall\" width=\"800\" height=\"350\" srcset=\"https:\/\/solutionsreview.com\/identity-management\/files\/2017\/01\/password-wall.jpg 800w, https:\/\/solutionsreview.com\/identity-management\/files\/2017\/01\/password-wall-300x131.jpg 300w, https:\/\/solutionsreview.com\/identity-management\/files\/2017\/01\/password-wall-768x336.jpg 768w, https:\/\/solutionsreview.com\/identity-management\/files\/2017\/01\/password-wall-600x263.jpg 600w, https:\/\/solutionsreview.com\/identity-management\/files\/2017\/01\/password-wall-180x79.jpg 180w, https:\/\/solutionsreview.com\/identity-management\/files\/2017\/01\/password-wall-400x175.jpg 400w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/>By Dean Wiech<\/span><\/span><\/em><\/div>\n<div style=\"text-align: justify\"><span style=\"color: #6c7174;font-family: Calibri, sans-serif;font-size: small\"><span style=\"color: black\">\u00a0<\/span><\/span><\/div>\n<div style=\"text-align: justify\"><span style=\"color: #6c7174;font-family: Calibri, sans-serif;font-size: small\"><span style=\"color: black\">The most common problem with enterprise 
passwords is that there are just too many of them for the average person to remember. The average employee needs to remember 12 different sets of credentials to access applications to perform their daily work, according to studies. That quantity, coupled with a wide range of complexity requirements, results in a common practice of writing them on a sticky note or storing them in a document for easy retrieval. <\/span><\/span><\/div>\n<div style=\"text-align: justify\"><\/div>\n<div style=\"text-align: justify\"><span style=\"color: #6c7174;font-family: Calibri, sans-serif;font-size: small\"><span style=\"color: black\">Of course, this sends shivers down the spine of most security officers \u2014 there\u2019s no value in providing security protocols if users are simply writing passwords on paper and placing them next to the desk. This is to say nothing of the troubles for the helpdesk manager whose staff is inundated with calls from frustrated users who can\u2019t access an application that they need ASAP.<\/span><\/span><\/div>\n<div style=\"text-align: justify\"><span style=\"color: #6c7174;font-family: Calibri, sans-serif;font-size: small\"><span style=\"color: black\">\u00a0<\/span><\/span><\/div>\n<div style=\"text-align: justify\"><span style=\"color: #6c7174;font-family: Calibri, sans-serif;font-size: small\"><span style=\"color: black\">So what can an organization do to alleviate these issues? <\/span><\/span>Eliminate passwords, of course \u2013 at least all but one of them.<\/div>\n<div style=\"text-align: justify\"><\/div>\n<div style=\"text-align: justify\">Web access portals are currently a go-to in access governance. In essence, a web portal groups all of the applications a user needs in one easy-to-access place. If the user is on the network, their Active Directory authentication grants them access to the portal. 
If they are off the network (on a smartphone, for example), they enter their one username and password to gain access to the portal and can then access their apps from there without the need to enter individual credentials.<\/div>\n<div style=\"text-align: justify\"><span style=\"color: #6c7174;font-family: Calibri, sans-serif;font-size: small\"><span style=\"color: black\">\u00a0<\/span><\/span><\/div>\n<div style=\"text-align: justify\"><span style=\"color: #6c7174;font-family: Calibri, sans-serif;font-size: small\"><span style=\"color: black\">There are many security advantages to using a web access portal over providing the individual credentials to users. First, it is possible to set up a user with access to dozens of applications without providing them the actual URL or credentials for these applications. When a proxy server is used and the username and password are pre-loaded into the portal, the end user never actually knows where they are accessing the application or what the credentials are. Considering that a recent survey showed end users might be willing to sell their credentials for as little as $100, this can be a significant risk-reduction practice.<\/span><\/span><\/div>\n<div style=\"text-align: justify\"><span style=\"color: #6c7174;font-family: Calibri, sans-serif;font-size: small\"><span style=\"color: black\">\u00a0<\/span><\/span><\/div>\n<div style=\"text-align: justify\"><span style=\"color: #6c7174;font-family: Calibri, sans-serif;font-size: small\"><span style=\"color: black\">Secondly, it is possible to add multi-factor authentication to either the portal itself or individual, particularly sensitive applications. The use of one-time password (OTP) codes or personal PINs can be an easy way to establish another layer of security beyond the credentials needed to access the portal. A third area of security involves the use of access control rules or profiles. 
These can be set up for a group or individual and can apply to all or some specific applications. Restrictions include items such as time of day, IP address, device type, whether the user is on or off the corporate network, and user-specific authentication providers, such as Security Assertion Markup Language (SAML) or Google.<\/span><\/span><\/div>\n<div style=\"text-align: justify\"><span style=\"color: #6c7174;font-family: Calibri, sans-serif;font-size: small\"><span style=\"color: black\">\u00a0<\/span><\/span><\/div>\n<div style=\"text-align: justify\"><span style=\"color: #6c7174;font-family: Calibri, sans-serif;font-size: small\"><span style=\"color: black\">Ideally, the elimination of passwords in their entirety will happen in the very near future. However, until we arrive at a cost-effective and technologically viable alternative, we can work on reducing the number of passwords needed down to one. Then secure that one password by making it more complex \u2013 possibly even a passphrase \u2013 and anchor it with a second factor of authentication.<\/span><\/span><\/div>\n<div style=\"text-align: justify\"><span style=\"color: #6c7174;font-family: Calibri, sans-serif;font-size: small\">\u00a0<\/span><\/div>\n<div style=\"text-align: justify\"><span style=\"font-family: 'Times New Roman', serif;font-size: medium\"><span style=\"font-family: Calibri, sans-serif;font-size: small\"><span lang=\"en-CA\"><i>Dean Wiech is managing director of <\/i><\/span><\/span><a href=\"https:\/\/www.tools4ever.com\/\" target=\"_blank\"><span style=\"font-family: Calibri, sans-serif;font-size: small\"><span lang=\"en-CA\"><i>Tools4ever<\/i><\/span><\/span><\/a><span style=\"font-family: Calibri, sans-serif;font-size: small\"><span lang=\"en-CA\"><i>.<\/i><\/span><\/span><\/span><\/div>\n","protected":false},"excerpt":{"rendered":"<p>By Dean Wiech \u00a0 The most common problem with enterprise passwords is that there are just too many of them for the average person to 
remember. The average employee needs to remember 12 different sets of credentials to access applications to perform their daily work, according to studies. That quantity, coupled with a wide range [&hellip;]<\/p>\n","protected":false},"author":24,"featured_media":1540,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[5],"tags":[107,373,465,91],"acf":[],"yoast_head_json":{"title":"Common Mistakes in Enterprise Password Management Policies\u00a0","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/identity-management\/common-mistakes-in-enterprise-password-management-policies\/","twitter_misc":{"Written by":"Jeff Edwards","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/identity-management\/common-mistakes-in-enterprise-password-management-policies\/","url":"https:\/\/solutionsreview.com\/identity-management\/common-mistakes-in-enterprise-password-management-policies\/","name":"Common Mistakes in Enterprise Password Management 
Policies\u00a0","isPartOf":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/identity-management\/common-mistakes-in-enterprise-password-management-policies\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/identity-management\/common-mistakes-in-enterprise-password-management-policies\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2017\/01\/password-wall.jpg","datePublished":"2017-01-27T17:08:06+00:00","dateModified":"2017-01-27T17:08:06+00:00","author":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/3d31b4b6a777a91476a65c087be260e6"},"breadcrumb":{"@id":"https:\/\/solutionsreview.com\/identity-management\/common-mistakes-in-enterprise-password-management-policies\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/identity-management\/common-mistakes-in-enterprise-password-management-policies\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/common-mistakes-in-enterprise-password-management-policies\/#primaryimage","url":"https:\/\/solutionsreview.com\/identity-management\/files\/2017\/01\/password-wall.jpg","contentUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2017\/01\/password-wall.jpg","width":800,"height":350,"caption":"Expert Password Best Practices for World Password Day 2021"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/identity-management\/common-mistakes-in-enterprise-password-management-policies\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/identity-management\/"},{"@type":"ListItem","position":2,"name":"Common Mistakes in Enterprise Password Management 
Policies\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/identity-management\/#website","url":"https:\/\/solutionsreview.com\/identity-management\/","name":"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, &amp; Services","description":"Identity Access Management (IAM) News, Best Practices and Buyer&#039;s Guide","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/3d31b4b6a777a91476a65c087be260e6","name":"Jeff Edwards","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/8471d2b63e0587b41d829ecc153ba8e7?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8471d2b63e0587b41d829ecc153ba8e7?s=96&d=mm&r=g","caption":"Jeff Edwards"},"description":"Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. 
He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.","sameAs":["https:\/\/solutionsreview.com","https:\/\/x.com\/InfoSec_Review"],"url":"https:\/\/solutionsreview.com\/identity-management\/author\/jedwards\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/1539"}],"collection":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/users\/24"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/comments?post=1539"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/1539\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media\/1540"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media?parent=1539"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/categories?post=1539"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/tags?post=1539"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}