The Concept of Password Management - Research Paper Example

Password Management Password Management Introduction Password management at the workplace is a constantstruggle for the modern employee or worker. An employee at the workplace today possesses different passwords for different applications. It is thus hectic and challenging for an employee or worker to remember the different passwords for different applications. Additionally, due to the vast usage of passwords for online authentication services at the workplace, there is an increasing threat about the vulnerability of these passwords, which pose a security threat to the employee/worker, and the organization. Unauthorized personnel can commit identity theft or get access to private company data if they get access to employee passwords. As such, the project focuses on the concept of password management and How to solve the issues of having so many passwords and having to change them for the different applications at the workplace. This research is necessitated by the increasing cases of identity theft and access to private information by unauthorized personnel due to weak passwords. Additionally, too many passwords at the work place for different applications use a lot of the employees’ mental resources. Further, employees take a lot of time in remembering the passwords. This time could have been spent productively in doing vital organization tasks. Therefore, research into the concept of password management is timely and vital as the modern/current organizations are increasingly using complex systems and applications which lead to the emergence of password management problems. The problems emanating from password management, as stated above, compromise employee and organization security, lead to lost productivity as a result of time wastage, and expensive delays. Hence, it is vital for organizations to comprehend and know how to tackle these problems through the implementation of effective password management policies on how to manage and change passwords at the workplace. Due to the high cognitive load required for employees to remember and manage passwords for different applications at the workplace, employees and company staff engage in password management practices that are often unhealthy and risky. Tryfonas & Askoxylakis (2015) in his research on employee password management habits found out that employees often use an existing password, slightly change the password, use a common name, or use one password for all applications at the workplace. This project is significant for practice since it will focus on finding and subsequently proposing the best ways of password management at the workplace. Additionally, the project will give vital insight into the concept of password management. Background Today, nearly all organizations and employees use applications and services which require password authentication. The use of passwords is vital mainly because it bars unauthorized people from accessing employee or company data. However, the use of passwords is facing a lot of challenges in today’s world. Apart from employees reusing their passwords, or setting weak passwords, password management applications also possess security vulnerabilities. Ring (2014) in his article ‘Security Vulnerabilities Found on Password Managers’ stated that password managers are vulnerable since they are in most cases unable to generate random characters. This makes it easier for unauthorized personnel to access private data through an exploitation of this vulnerability. The author further implies that this problem has worsened with the invention of advanced cloud based and multi-core server platforms which possess the capability of predicting or churning passwords. These platforms have the power to analyze over a thousand password combinations per second. Hence, the platforms make it easier to guess or find the correct passwords of users. Companies such as Elcomsoft use these platforms and software to recover lost/ forgotten passwords. According to Gaw & Felten (2006), most people have two to three passwords which they reuse often. The reuse rates tend to increase as people encounter other password authentication applications or services at the workplace. Therefore, people do not create more or extra passwords when they get more accounts, but rather reuse their existing passwords. In most circumstances or cases, the employees are unaware of the potential risks they expose themselves to by using weak passwords. Gaw & Felten (2006) implied that employees justified the use of existing or simple passwords for various applications at the workplace by arguing that it enabled them to easily manage their accounts. At the enhs clinic, employees and clinic staff interact with or use many applications. As such, there is a challenge at the clinic on how to keep clinic records safe. Strong passwords and healthy password management habits and managers are needed at the clinic to ensure all the data at the clinic is safe and secure. Clinic employees are unable to comfortably memorize passwords for the numerous applications at the workplace. To tackle this challenge, the clinic should require the employees to use password managers with a strengthened cryptographic function. Unlike password managers such as my1login, PasswordBox, Roboform and LastPass which possess some flaws, password managers with a strengthened cryptographic function are safer and user friendly. Such password managers are able to safely and randomly generate passwords for many applications or accounts. Additionally, they will reduce the mental load required to memorize passwords since the password managers require the user to only memorize one short password. To retrieve a lost password, the client only needs to answer a secret question. Halderman, Waters & Felten (2005) states that the simplicity of the use of password managers and the added security password managers with cryptographic function have tends to entice employees into adopting the applications. The user of passwords and usernames when logging into applications has become a normal phenomenon at the workplace. This concept is especially vital during this era characterized by the internet. Usernames and passwords are required when using applications such as email applications, financial institution applications and even when accessing patient data at the clinic. Users of are required to come up with passwords when they want to get access password protected applications and sites. Subsequently, they are required to memorize and secretly keep the passwords from other people. This trend poses a security risk to the account/application users (Gabber et al., 1997). Some password managers are complex and un appealing to users, forcing them to resort to memorizing their passwords. Faced with an increasing number of passwords to memorize, users utilize the existing passwords, or create a strong password, and then use it across all the applications, databases and platforms. This trend and habit is risky since an unauthorized person or a hacker can get access to a single application’s password and then use it to access all the other applications or password protected sites. An effective password manager will only require the employee to memorize a single strong, but short password which will act as the master password. Moreover, the password manager will discourage the use of repeated or similar passwords. Thus, an effective password manager will be convenient (users can access their passwords easily and from different computers), and secure (the password manager does not exhibit any serious flaws or vulnerabilities). Additionally, a password manager with browser integration is vital since users access password protected internet sites frequently. Hitachi ID Systems (n.d) advocates for the use of best practices in password management at the workplace or clinic. These practices guide users or employees on how to set and manage their passwords effectively. Hitachi ID Systems (n.d) states that passwords can be easily compromised in a variety of ways. First, the user can write them down and then share them with his/her fellow employees, making them to be a secret no more. Second, a program or a person can guess a user’s passwords. Next, passwords transmitted in plain text over a network can be easily decoded. Lastly, application or database passwords which are normally stored in a server or workstation in an easily decoded format can be easily accessed. A hacker or unauthorized personnel can therefore exploit some of these vulnerabilities and gain access to password protected databases or applications. However, password systems designed to withstand decryption or brute force attacks are less vulnerable and will secure data effectively. Hitachi ID Systems (n.d) illustrates that organizations have to adopt password management best practices at the workplace. These practices have to accommodate and comprehend human mental limitations (Tryfonas & Askoxylakis, 2015). Further, application and database passwords should be made up of more than seven characters (Scarfone & Souppaya, 2009). This makes it difficult for programs or hackers to crack a user’s password. Additionally, the passwords should not be made up of the user’s identification or phone number. Hackers can easily guess or access an employee’s identification number and then use it to access/ breach his security. At the enhs clinic, best password management practices will make it easier for employees to manage the large number of password protected applications and databases. Additionally, application and database information will be safe from unauthorized access. Leaking of patient information from the clinic as a result of poor password management practices might expose the clinic to lawsuits from clients and patients. This will negatively affect the reputation and financial status of the clinic. Project Evaluation and Specification Personal and Academic Suitability This project is suitable for me and other stakeholders at the enhs clinic. I possess the required access, experience and skills to conduct the project efficiently. The clinic staff and employees use a lot of passwords for different applications and databases at the workplace. As such, the project will recommend a suitable way to manage passwords at the clinic Brief Stakeholder analysis Management Enhs management has the responsibility and duty to guide and implement best management practices at the clinic. In most instances, management is answerable when patient data or private information leaks from the clinic due to poor password management by the employees or staff. This makes enhs management to be the major stakeholder in the project. Thus, enhs management supports the project since it will help management and consequently educate them on the best password management practices to implement at the enhs clinic. When good password management habits are supported by management at the workplace, the security of private data is enhanced. Additionally, time wastage is minimized which can then be channeled to doing other useful tasks. Enhs staff Enhs staff encounters challenges while managing passwords for the ever increasing number of applications and databases at the clinic. Hence, they find it difficult to memorize all the passwords, leading to the creation of weak passwords. As such, the project will recommended better password management strategies, which take into consideration the human element. These strategies will therefore enable enhs staff to easily and effectively manage passwords at the clinic for the large number of applications and databases. Suitability of the Project Ideas The project ideas are suitable for the health care field. Health care professionals possess vital patient information which has to be kept safe from unauthorized personnel. Thus, good password management practices and strategies will help hospital staff to easily manage and secure patient data. Apart from securing important patient data, good management strategies at the workplace will reduce or minimize legal liability that normally results from the hospital being sued for leaking client information. Feasibility of Project The project will utilize primary research and secondary research. Therefore, data will be collected directly from the participants who will be the hospital staff. This data will be obtained through the use of interviews. The topic of password management has been widely covered by various scholars. This implies that beneficial information is readily available. Hence, the secondary data from books, journals or articles will be used to supplement the primary research. Participants will be chosen from the enhs clinic, and then their password management habits will be analyzed. Research Objectives The primary objective of the project is to determine the best password management practices and how to effectively manage the numerous password protected applications and databases at the enhs clinic. Scale and Scope of the Project The project will focus on a single case study. It will thus evaluate and analyze the password management practices at the enhs clinic. The stages of the project / project outline plan Stage 1 Idea generation: The topic for investigation will be arrived at after the completion of the idea generation task. Different topics will be put on the table, and the most relevant will be selected for investigation. This process will take a duration of approximately 1 week. Topic analysis/ investigation: the chosen topic will be analyzed in depth. Through idea generation task, the topic of password management will be analyzed. Academic work of other scholars will provide useful insight into the topic. The task will take a duration of 1 month. Definition of the problem: this task will focus on analyzing the problem to be solved. Staff at enhs clinic find it challenging to manage the large number of passwords which are needed for the many applications and databases at the clinic. This task will take a 1 week duration. Stage 2 Research methodology design: the project will employ qualitative research methodology to analyze the habits of the enhs staff. This task will take 2 weeks. Carrying out research: through the use of interviews, participants will give out their habits of password management. The task will take 1 month. Stage3 Provisional conclusions: the use of good password management habits is beneficial to the enhs staff and the organization in general. To better manage passwords at the workplace, enhs staff should use a password manager. Project Resources The project will not be resource or time intensive since it will be carried at the enhs clinic (at the participants’ workplace). Risk Assessment Risk Assessment Matrix Risk factor Low Medium high Technology Some proof testing of the password manager will be required. This will show the stakeholders the applicability of the manager Safety There are no safety hazards Political risk Stakeholders are neutral about the project. However, they have to be updated regularly Time There are no known time constraints Project Specification The proposed project title is ‘Implementation of Better Password Management at Enhs Clinic’. Project timetable The project will take a four and half month duration. During the first month, literature review and background into the topic will be conducted. Research methodology, data analysis and presentation of findings will be conducted in 2 months respectively. The last months will involve a summary of the study, conclusion and the recommendations. Also, Password manager application demonstration will be conducted on the 4th month. The four and half month timeframe is thus adequate for the project. References Scarfone, K., & Souppaya, M. (2009). Guide to enterprise password management (draft). NIST Special Publication, 800, 118. Hitachi ID Systems. (n.d). Password Management Best Practices. Retrieved from http://hitachi-id.com/password-manager/docs/password-management-best-practices.html Gabber, E., Gibbons, P. B., Matias, Y., & Mayer, A. (1997, January). How to make personalized web browsing simple, secure, and anonymous. In Financial Cryptography (pp. 17-31). Springer Berlin Heidelberg. Tryfonas, T., & Askoxylakis, I. (Eds.). (2015). Human Aspects of Information Security, Privacy, and Trust: Third International Conference, HAS 2015, Held as Part of HCI International 2015, Los Angeles, CA, USA, August 2-7, 2015. Proceedings (Vol. 9190). Springer. Ring (2014). Security vulnerabilities found on password managers. Retrieved from http://www.scmagazineuk.com/security-vulnerabilities-found-on-password-managers/article/361119/ Halderman, J. A., Waters, B., & Felten, E. W. (2005, May). A convenient method for securely managing passwords. In Proceedings of the 14th international conference on World Wide Web (pp. 471-479). ACM. Gaw, S., & Felten, E. W. (2006, July). Password management strategies for online accounts. In Proceedings of the second symposium on Usable privacy and security (pp. 44-55). ACM. Read More