Biometrics, the analysis of physical features such as eye, face, and finger characteristics, might seem an extreme form of access control for city employees, but the driving factor was efficiency. Both the city's IT department and its approximately 2,000 employees had struggled to maintain up-to-date and secure password protection.
"We struggled, users struggled, and independent auditors were pressing us to change our passwords at more frequent intervals," says Scott Harmon, assistant director of information services with the City of Glendale.
However, the more stringent the IT department made the password policy, the more difficult it was for users to comply. Glendale employees were already having difficulty remembering passwords changed every 90 days. Auditors were now recommending password changes every 60 days. Required to create new eight-digit alphanumeric passwords four times a year, users often scribbled their passwords on Post-it notes, inside a desk drawer, or on a piece of paper tucked away at their desks, which compromised the security of the city's data.
In an effort to ease the burden, the IT department synched a single password to multiple applications. "Users could have a single password for NT, NetWare, and the PC screensaver," says Harmon. But Windows itself wasn't synched, and the effort proved to be no more than a Band-Aid.
"Users still overloaded the help desk," he says, noting that 90 to 95 percent of all users failed to change their passwords at the end of the 90-day period and got locked out of their computers and applications. The only way to sign in was to call the help desk, which is manned by two full-time staffers and a part-time technician. It took approximately five minutes for a help desk technician to reset each user's passwords for Microsoft Outlook, Windows NT, and NetWare.
Lynn Haber reports on business and technology from Norwell, Mass.
