P-Synch Security Benefits
Password management, especially in a heterogeneous environment where each user has multiple passwords, has many inherent security problems. In many organizations, weak password management is the single largest security problem.
| Security problem | P-Synch solution | |
| Users write down passwords | Users with many passwords frequently write them down since they are too hard to remember. Written passwords may be attached to user workstations, stored on computer files, or carried around by users. None of these techniques are secure. | P-Synch helps users remember a single, strong password using password synchronization. |
| Users choose weak passwords | Users tend to pick simple, easy-to-remember passwords. Unfortunately,
such passwords are also easy to guess, and password cracking software can
easily find them.
Some computer systems offer password strength enforcement, but usually only a few rules are available, and the same rules are not available on different types of systems. |
P-Synch can enforce a single, strong and uniform password strength policy across every system in the enterprise. |
| Users never change their passwords | Over time, users may share their passwords with friends or co-workers. The best way to overcome this problem is to change passwords regularly. Unfortunately, users are reluctant to do this, and only some systems can force users to change their passwords often. | P-Synch can prompt users to change all of their passwords regularly. |
| Support staff reset passwords for unauthorized callers | When users forget their passwords, they call the help desk and ask for a password reset. The help desk may reset the caller's password with little or no proof of the identity of the caller. | P-Synch allows users to reset their own password, after being properly authenticated. It also integrates user authentication into the help desk password reset facility. |
| Too many people have administrative rights | Without P-Synch, many front-line support staff may have administrative rights to many systems, so that they can reset passwords for callers. A large number of people with administrative rights presents a serious security problem. | P-Synch allows front-line support staff to reset passwords on every system without having an account on those systems. This significantly reduces the number of people with administrative rights on the network. |
| There is no audit trail for password resets | Without P-Synch, there may be no way to tell who reset a user's password, when or why. | P-Synch logs administrator logins, user IDs, host IDs, time and date and password reset results. |
P-Synch improves the security of authentication processes:
- A global password policy ensures that no passwords are easily guessed, and all passwords are regularly changed.
- Password synchronization helps users to remember their passwords, rather than writing them down.
- Strong authentication ensures that users are properly authenticated prior to a self-service or assisted password reset.
- Delegation allows help desk analysts to reset passwords for users without having administrator credentials on managed systems.
- Extensive audit logs create accountability for password resets.
- Encryption ensures that no sensitive data are stored or transmitted in plaintext.