Citrix password manager secures single sign-on

Citrix has launched a single sign-on application designed to take the headache out of password management
Written by Munir Kotadia, Contributor

Citrix launched a single sign-on software package on Thursday that automates the log-in process for enterprise applications. The MetaFrame Password Manager can be used as part of the Citrix MetaFrame Access Suite or as a standalone single sign-on product.

Citrix said that passwords are an expensive problem for large organisations. The company surveyed its customers and found that among firms with more than 5,000 employees, 41 percent of users used more than 21 separate passwords. According to reports from rival analyst firms Gartner, Giga and Forrester, password management costs between £15 and £120 per user per year.

Fraser Kyne, field product marketing manager at Citrix, told ZDNet UK that passwords are a headache for both users and administrators. "Between a quarter and a third of all helpdesk calls are related to passwords," he said. Trying to increase security by implementing complicated passwords often backfires: "Users forget them, write them down on a Post-It note which they pin to their monitor, and some even ask their colleagues to share passwords. This is not what the system administrator had in mind when implementing the policy," he said.

The Password Manager will provide access to Windows, Web-based and host-based legacy applications, said Kyne who explained that the software-only solution uses an agent on the client to recognise when the user is prompted for a password. The first time the system is used, users type their password into the agent, rather than the application. From that point, they will not be prompted by that application again, he said.

John Spencer, senior systems engineer at Citrix admitted that the system has some issues recognising Java-based prompts, but only the first time: "Because Java works within JVM it is a headache to get going because it doesn't understand exactly where the fields are -- it doesn't know the difference between a username and password field -- but it is configurable," he said.

According to Kyne, users will be less likely to share their primary network password, even if it is complicated: "They are only going to have one password now, but it needs to be secure. They just need to commit this one thing to memory and we will take care of everything else," he said, adding "this takes the hassle away from the users and gives control back to the administrators."

Editorial standards