Overview#
Password Management is a Credential Management system for Passwords.
Security and Cost Issues #
Password Statistics show the Security and Cost Issues surrounding Password Management in an Organizational Entity.
Why Users Do this? #
As Password Policies are made more complex, passwords become harder to remember. One of the issues is that the password policy ignores the "people factor". Security experts continually cite statistics on how much stronger passwords can be made by making them more complex. The experts seem to forget that they used a computer to generate the statistics, yet they expect employees to remember complex passwords that score high in Password Strength. Then, as employees are forced to change their passwords more frequently, they must write the password down or use some simple sequence to try to remember it.
The result to the organization #
This survey indicates that organizations still face some serious security issues. Based on the statistics, in an organization of our size, 200,000 people:
- 100,000 people would write their passwords down
- 66,000 people would share their passwords
- 94,000 would perform Password Reset at least once a year
Functions of Password Management#
The primary function of Password Management is to enforce the Password Policy.
Password Life Cycle[1]#
The Password life cycle begins when the user needs to create a password for a new account. (Credential Enrollment)
Theoretically, a user might begin with no Passwords at all, and have to fabricate one from scratch, but they may also have existing strategies and password phrases that they will integrate into a new password.
This password must next be committed, either memorized or recorded, so that it can be later used for Authentication. Assuming the commitment process is successful, the user then lives with their password. They login and access their accounts successfully.
If they successfully remember their password, and it is appropriate for reuse, they can then reuse that password. If the password must be changed (because it is forgotten, because someone else has learned it, or because of enforced password change policies), they must return to password creation.
Rationing is present at every step of the password life cycle:
- Users ration effort at creating new passwords
- Users implement Password Reuse to put more protection on the most valued accounts
- Users reduce the effort of memorization by saving passwords in Password Managers or by writing them down
- Users strategically budget the attention they pay to passwords on existing accounts.
Rationing contributes to the cycle of password Reuse. As effort is reduced from some accounts, it is saved for new ones. Reused passwords are handed down from existing accounts, saving the user the time and energy of creating and memorizing a new password.
Password Anti-Patterns#
There are some common things around Password Management that are Password Anti-Patterns.
What To Do About Passwords #
We know Passwords are bad, but What To Do About Passwords?
Password Management Applications #
Password Management Applications help with Password Management.
SCIM Password Management#
Some items on SCIM Password Management.
Password Management and LDAP #
More Information #
- [#1] - The Password Life Cycle: User Behaviour in Managing Passwords
- based on information obtained 2015-05-25