Password management systems: How to compare and use them
Whether standalone or integrated into IAM suites, password management tools aim to provide both security and convenience
By Beth Schultz
June 22, 2011 — CSO
With username and password prompts coming at users with every personal and professional login, every once in a while they're bound to forget which combinations go with which access requests.
Such lapses in digital memory can send users to help desks in droves.
Gartner data shows that password-related queries account for approximately 30 percent of total call volume for multipurpose help desks, says Gregg Kreizman, a research director at the firm.
But that call volume drops by an average of 70 percent when companies use password-management tools, he says.
Password-management tools reduce the help desk burden—staff- and cost-wise—by providing a self-service reset capability for users who have forgotten their version of "open sesame," even if they've gotten locked out of the application, system or website they're trying to log in to. In addition, password-management tools speed up access to resources for users who have forgotten their passwords.
With help-desk-related costs ranging from $3 to $18 per request, Kreizman says, it's easy to understand why reducing password reset requests is a primary driver for adopting password-management tools.
But password-management tools have other benefits, too. For example, they can streamline the change process by synchronizing access across multiple systems, and they can help companies strengthen and enforce password policies.
Use Cases
In the dozen or so years since their introduction, password-management tools have become enterprise staples. At Partners HealthCare System, for example, Courion's PasswordCourier tool has been helping with password management since 2007, says Mary Buonanno, director of IS support services at the healthcare provider. Specifically, she says, Partners uses the tool to manage passwords for more than 80,000 accounts on Microsoft's Active Directory and RSA's SecurID-authenticated VPN. "We needed a tool to manage all those passwords, as we obviously couldn't do that through native Windows," Buonanno says.
"While some applications have their own password stores, anything that uses Active Directory for authentication gets the benefit of having PasswordCourier for managing passwords. We think it's important to do this at the front door, and then through policy and best practices manage passwords for all those departments that own their own applications," she says.
At Flagler College in St. Augustine, Fla., the password-management use case is more limited but has no less impact.
"We needed a tool with enough intelligence so that when we changed an administrative password on a server or system it would scour the network for dependent services and update their credentials. Otherwise those services stop working, and that's really no fun," says Brendan Hourihan, director of network and desktop support services at Flagler.