I recently attended Retail’s BIG Show conference and started up a conversation with an IT staffer of a regional retail chain. Over the course of our conversation he shared with me that it was his company’s corporate policy to provide a single, shared password for his store’s workers. From the store manager to the shelving stockers, they were all using the same password.Confused, I asked him why they didn’t just give each employee their own password.
Turns out they were facing significant roadblocks with their password reset functionality. They didn’t have an automated process in place, so each time an employee would forget a password and need it reset, that request would go to the IT department at the chain’s headquarters. Typically each instance of a password reset request would take an estimated 30 minutes of IT’s time. With 90 stores in total, you can imagine just how time consuming the resets became for IT. Inefficient and unproductive was how it was described to me. It gets even worse when you factor in the time lost for each employee who had to wait for a password reset.
It was much easier for this retail chain to have all employees within a store use the same password than to deal with password reset requests.
However, while at surface level this process was running smoothly, they were overlooking the security risks they were opening themselves up to with this shared password approach.
As I thought about the struggles this retailer faced with password resets, the challenges really boiled down to two issues:
The retailer didn’t have a self-service password reset system. If they did, users could have resolved nearly all of their password issues themselves, using a web-based client or interactive phone response system, rather than going to IT.
User struggles with passwords
Password resets became an issue because users needed their passwords reset to begin with. They were forgetting them, most likely because they were either required to use a password format too difficult to remember or were juggling so many different passwords they couldn’t remember them all.
The good news for this retailer is that both issues can be solved by one solution - an identity and access management platform.
In addition to the many other efficiency improving automation features it contains, an IAM solution automates and streamlines the password reset process. Users simply answer a number of challenge questions and then reset their own passwords. IT won’t be inundated with time consuming reset requests and users won’t waste time waiting for IT to address their password issue.
Another benefit of using IAM technology is its SSO capabilities. Users won’t face the struggle of remembering multiple passwords. They only need to memorize one unique password which can be used to access all their systems and applications.
Finally, a good IAM system may remove passwords altogether, instead offering users alternative methods of authentication that utilize badge taps, mobile technology or even characteristics of the users themselves, such as fingerprint scans or facial recognition.
Manual password resets can be a hassle and barrier to productivity, but sharing one password throughout an entire store or office is not the way to address those issues. That approach only brings you more problems. IAM solutions, like RapidIdentity, offer easy and simple solutions to inconvenient password resets, while also securely managing employee access.
If you’re still struggling with password resets, I invite you to talk with us and learn how you can conquer those struggles.
Other blog posts that might interest you: