May 19 2008

4 Tips for Managing Passwords

Use these four pointers to reduce password-related help-desk calls.

For nearly as long as there have been computers, IT managers have depended on passwords for user-authentication. And for as long as there have been human beings held accountable for remembering passwords, there have been help-desk calls to have them reset.

Although password-related calls are a mainstay of help-desk support, there are steps that can be taken to reduce their number. Here are four tips that can help make support for passwords an unusual call instead of the norm:

1. Train users to choose the same password for several applications. One of the most common complaints that help desks receive regarding passwords is that there are simply too many to remember. One helpful solution is to make passwords the same whenever possible. For example, if a user is allowed to set his or her own password for both mainframe login and operating system login, he or she should use the same password for each function. Also, though applications may not require passwords to be reset on a specified schedule (for example, 90 days or 180 days), most applications allow users to change passwords on demand. So keep things simple by having the user reset all passwords on the day the first one expires.

2. Consider a biometric/password-management solution. For a slightly higher price, many portable computers come equipped with built-in fingerprint scanners, which offers an additional physical layer of security. Many portable computers also come bundled with powerful password-management software that allows virtually all passwords to be associated with the user’s fingerprints. Then the only thing required to log in is a simple swipe of the finger. 

3. Help your users create “cheat sheets.” One of the handiest (but least elegant) solutions for users who have trouble remembering their passwords is to create a cheat sheet — a simple password-protected document or spreadsheet that contains a list of all the user’s applications and their respective passwords. Users can even name the spreadsheet something innocuous, like “Book1”  or “Holiday Schedule” to add a layer of security through obscurity for snooping eyes. The obvious advantage of this is that all of the user’s passwords are readily stored in one place, with a single password needed to read the document.  

4. Reduce password-strength requirements. While mandating eight-character alphanumeric passwords that reset every 30 days may provide above average security, it might also result in an increased number of support calls to your help desk. You may want to consider a less aggressive approach that balances security and functionality. If, in fact, your security needs demand more complex passwords, consider setting them to expire after 90 days or 180 days instead of 30. Or, if you are in a small office environment where security risks are more limited, think about requiring simpler passwords with lower reset intervals. Remember that simple passwords are easy to remember. There is always an argument to be made for security, but one must be mindful that more security often means more support.

Jason Holbert is a Tier II desktop support technician at Harcros Chemicals, a chemical manufacturer and distributor in Kansas City, Kan.