Sailing Securely as HUMANS: the age-old password problem

It’s 2022, and we still haven’t solved the age-old issue of passwords. Sure, we’ve introduced biometrics, so we have everything from a thumbprint to a voice print to a retinal scan to unlock our devices and avoid having to use that password... but passwords still exist in the background. The day you get up and groggily try to unlock your iPhone with your beanie on so you can go for that morning walk, and it doesn’t recognize you, you’re screwed! And then you’re off to a bad day.

There’s no doubt that we live in a world where security has become more and more serious, with identity theft and the risk of data theft being a major concern for both sides, the consumer and the worker, but somewhere in the middle is the “human” piece. We’re struggling to find a balance between doing what’s right to SECURE our world and still being able to SAIL through life and actually be productive.

Recently I thought of my own journey around security, starting 20 years ago when I managed a help desk. Most of what the operation handled was password resets, and yet that was considered a low-skill help desk. The problem gets worse over time, as more applications are added for users to access, each with different password complexity rules and expiration dates. It’s no wonder our users got creative and started writing their passwords down. I’m not suggesting a sticky note on a monitor or under a keyboard is the right place to put your login credentials, but I do understand the frustration of users who have to remember 12 unique sets of login credentials that have virtually nothing in common and that hold the key to their productivity.

The challenge here becomes the barrage of solutions entering the market: anything from IVR solutions for password resets, to single sign-on solutions, to the latest dual-factor authentication. The issue isn’t that we’re trying to introduce technologies to help the users; it’s that we’re oftentimes forgetting the HUMAN in the middle of all this. When I say the human, I think of both sides: the customer or user experiencing the issue, and the service desk specialist trying to help that customer or user with a password reset or unlock.

Here are some of the lessons I’ve learned from all of this.

1) People will forget, no matter how much you impress on them that they shouldn’t. And to avoid that, they write things down, and in the oddest places. (I’m not kidding, if you check under many keyboards you’ll still find stickies with passwords on them, along with the login name too!)

2) There are those who will try to outsmart the system by synchronizing ALL of their passwords when one expires. In trying to make their lives easier, they essentially create more risk and also more work for your local service desk, which has to assist with all of these changes.

3) When there are too many passwords to remember, only the most sophisticated users will find a better system (a password keeper program) and use it meticulously. The rest will simply stumble through their week and deal with the mishaps as they happen, getting angry each time they need help.

4) If the organization deploys a password reset tool to assist its users, it will see limited success unless it pre-registers them. Users want the easy button. Don’t make them enter information they don’t need to; the tool needs to be beyond intuitive, it just needs to work.

5) Your service desk operation needs to be safeguarded with tools that record the specialists’ calls and keystrokes so they can be protected. Beyond training them on standard operating procedures, the ACD system must record all calls and allow for screen scraping to capture actual system access activity, for their protection and the users’.

While there’s much more that can be said about “how” to deploy all the newest technologies to support password reset functionality using the safest techniques, it’s clear that we’re not getting out of the business of password support anytime soon. But we do need to sail through it, and safely!
