Password Management


Password Management is a Credential Management system for Passwords

Security and Cost Issues #

Password Statistics show the Security and Cost Issues surrounding Password Management an Organizational Entity.

Why Users Do this? #

As Password Policy are being made more complex, the difficulty of remembering passwords is increasing. One of the issues is that the password policy ignores the "people factor". As Security experts continually site statistics of how much stronger passwords can be made by making them more complex. The experts seem to forget that they used a computer to generate the statistics and yet expect employees to remember complex passwords that score high in Password Strength.

The as the employee is forced to change their password more frequently, they must write down the password or they use some simple sequence to try to remember the password.

The result to the organization #

This survey indicates that organizations still face some serious security issues. Based on the statistics, in an organization of our size, 200,000 people; At an estimated cost of $50 per Password Reset, the company could spend $ 4,700,000 resetting passwords. There are many more examples for Password Statistics.

Functions of Password Management#

The primary function of Password Management is to enforce the Password Policy

Password Life Cycle[1]#

The Password life cycle begins when the user needs to create a password for a new account. (Credential Enrollment)

Theoretically, a user might begin with no Passwords at all, and have to fabricate one from scratch, but they may also have existing strategies and password phrases that they will integrate into a new password.

This password must next be committed, either memorized or recorded, so that it can be later used for Authentication. Assuming the commitment process is successful, the user then lives with their password. They login and access their accounts successfully.

If they successfully remember their password, and it is appropriate for reuse, they can then reuse that password. If the password must be changed (because it is forgotten, because someone else has learned it, or because of enforced password change policies), they must return to password creation.

Rationing is present at every step of the password life cycle:

  • Users ration effort at creating new passwords
  • Users implement Password Reuse to put more protection on the most valued accounts
  • User reduce the effort of memorization by saving passwords in Password Managers or by writing them down
  • Users strategically budget the attention they pay to passwords on existing accounts.
Users save resources from inconsequential accounts so that they can devote them to to more important accounts. Allotting time, attention, and energy to different accounts forms the backbone of users’ coping strategies. As with other forms of rationing, users scrimp on effort for some accounts to save it for others.

Rationing contributes to the cycle of password Reuse. As effort is reduced from some accounts, it is saved for new ones. Reused passwords are handed down from existing accounts, saving the user the time and energy of creating and memorizing a new password.

Password Anti-Patterns#

There are some common things around Password Management that are Password Anti-Patterns

What To Do About Passwords #

We know Passwords are bad, but What To Do About Passwords

Password Management Applications #

Password Management Applications help with Password Management.

SCIM Password Management#

Some items on SCIM Password Management

Password Management and LDAP #

More Information #

There might be more information for this subject on one of the following: