
Single Sign-On Security: Q&A With Jon Brody Of TriCipher

April 20, 2009
By Benjamin Tomkins


With SaaS now mainstream, users must juggle multiple passwords for a sprawl of different online services, some business, others personal. The struggle to keep track of all these access options can cause password fatigue and leave your business vulnerable to data breaches from inside or out.


Widespread adoption of software as a service (SaaS) has brought powerful applications to small and midsize businesses at a reasonable cost. But increasing use of these online applications requires users to manage an ever-expanding list of user IDs and passwords. Staying in command of a growing throng of passwords can overwhelm employees, leading to poor security practices, from writing passwords on sticky notes to sharing user accounts or worse. Password management solutions give businesses the power to control access to multiple applications, simultaneously bolstering security and reducing the likelihood of user password fatigue.





TriCipher provides a secure single sign-on service for more than 300 Web-based applications. Jon Brody, TriCipher's VP of marketing, talked with bMighty about the different levels of authentication, the dangers of password fatigue, and how centralized access control can save money and improve client interaction.


bMighty: What is password fatigue?

Jon Brody: How many different password accounts do you have? Five, 15, 25? Most people log on to between five and 15 systems -- and some people may be closer to 30. No one can remember a different password for all those accounts, so people use the same password for everything or they come up with a scheme -- simple password for nontransactional sites, complex for banking sites, etc. Using the same user ID and password exposes accounts to hacking, and developing complex choices makes it hard to remember them all. At some point it becomes too much to manage -- that's password fatigue. You want to minimize what you're forgetting, and password applications allow you to centralize all your access in one place and then there's just a single password to manage.

bMighty: Is user authentication important for all situations?

Brody: If you care that your users are who they say they are, if it matters that your users are not imposters, then it [authentication] is important. For example, for online travel services authentication is important for communication and billing. It's not that important for other things, like social media sites. When it's not important you don't need to implement authentication or implement a different level.

bMighty: So break down the levels of authentication?

Brody: Authentication comes in different strengths. A basic level asks for user ID and password; that can require validation of e-mail address. That's typical of social sites like Twitter, Facebook, and MySpace. A stronger level, what you'd find with online banking, asks for more proof of who you are -- a phone number, for instance -- and asks you knowledge-based authentication questions when you log on from a different computer. Stronger still is the type of authentication used by the government and large enterprises that requires you to swipe a smart card or use a token.


bMighty: So what about federation?

Brody: Federation is a common standard for exchanging IDs for previously authenticated users. After you've authenticated yourself to one service, federation makes it possible to pass the credentials to another service. This saves users from logging on multiple times. More and more services are aggregations of multiple services -- for instance, health information systems that integrate hospitals and insurance providers -- so you can move through the system and even authorize payment with a single logon. Federation makes mashups safe to use.
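The exchange Brody describes, as an added example that is not part of the original interview or of TriCipher's product: an identity provider issues a signed assertion once the user has logged on, and a second service accepts that user without a new logon only after checking the signature, the intended audience and the expiry. The shared key, the service names and the 300-second lifetime are constructed assumptions.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo key agreed out of band by the identity provider (IdP)
# and the service provider (SP); a real deployment would use per-partner keys.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"
ASSERTION_TTL = 300  # seconds an assertion stays valid (assumed)


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _sign(payload: bytes, key: bytes) -> str:
    return _b64(hmac.new(key, payload, hashlib.sha256).digest())


def idp_issue_assertion(user_id: str, audience: str, key: bytes = SHARED_KEY,
                        now: Optional[float] = None) -> str:
    """IdP side: after one successful logon, issue a short-lived assertion
    bound to the specific downstream service that will consume it."""
    now = time.time() if now is None else now
    claims = {"sub": user_id, "aud": audience,
              "iat": int(now), "exp": int(now) + ASSERTION_TTL}
    payload = json.dumps(claims, sort_keys=True).encode()
    return _b64(payload) + "." + _sign(payload, key)


def sp_verify_assertion(token: str, expected_audience: str,
                        key: bytes = SHARED_KEY,
                        now: Optional[float] = None) -> Optional[str]:
    """SP side: return the user id if the assertion is authentic, addressed to
    this service and unexpired; otherwise None (and the user must log on)."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig = token.split(".", 1)
        payload = base64.urlsafe_b64decode(payload_b64 + "=" * (-len(payload_b64) % 4))
    except (ValueError, TypeError):
        return None
    # Constant-time comparison so a forged signature cannot be guessed byte by byte.
    if not hmac.compare_digest(sig, _sign(payload, key)):
        return None
    claims = json.loads(payload)
    if claims.get("aud") != expected_audience:
        return None  # issued for a different service: reject cross-service replay
    if now >= claims.get("exp", 0):
        return None  # stale assertion: force a fresh logon
    return claims.get("sub")
```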

