To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/security/0,39024655,39152802,00.htm

Biometrics curing password headaches
And boy do we hate PA55w0RD5...

By Will Sturgeon

Published: Wednesday 28 September 2005

A growing number of large end-user organisations are making the switch to biometrics-based solutions to overcome the perennial problems users continue to have with passwords.

Barclaycard and Mitsubishi Securities are just two organisations which have recently revealed the move to biometric solutions such as fingerprint readers on computer keyboards.

Speaking at the silicon.com CIO Forum, Graham Yellowley, IT director at Mitsubishi Securities, told delegates: "We're using biometrics on our trading floor. People across the organisation have about 12 passwords to remember so a single sign-on biometric keyboard has proven very popular."

Gary Edwards, CIO at Barclaycard, said: "All 8,000 of our end users use biometrics for access to internal systems."

And research out this week from identity and access management firm RSA reveals the extent to which users are still struggling with the basics of password management.

The company surveyed 1,700 enterprise end users in the US and found that more than a quarter of respondents manage more than 13 passwords at work. Unsurprisingly the survey also found that 88 per cent of respondents are frustrated with password management.

And this frustration is manifesting itself in practices that may jeopardise corporate security such as writing down passwords or saving them locally on a spreadsheet or document.

A quarter of respondents said they keep their passwords saved in plain text on their PC while a similar number (22 per cent) said they save a list of passwords on a handheld device such as their PDA. A worrying 15 per cent said they keep a list of passwords written down on a piece of paper on or around their workstation.

And the frustration of end users is mirrored in their support staff who are wasting time and money resetting passwords and unlocking machines. Lost time due to password problems is also costing companies dearly.

A fifth of respondents said it takes between six and 15 minutes for IT to resolve a password related problem, while 17 per cent said it takes more than 16 minutes.