Password skirmishes: keeping the costs down

Managing passwords could be unbelievably expensive, as Boeing found out - with cold hard cash.

Who knew that managing passwords could be so unbelievably expensive?

Boeing did. The aerospace company recently estimated it was spending millions of dollars a year — Boeing would not provide an exact number — in support costs and lost productivity because of password management tasks.

Boeing provides intranet access to 150,000 employees, many of whom need to access multiple databases and other servers. Now consider that an employee forgets his or her password an average of four times a year, and each call to a corporate helpdesk to reset a password costs $14 to $25, according to Gartner. Multiply those figures and you get an uncomfortably large number.

Is your company facing a nightmare in password management? YES

"Password reset becomes a very expensive bucket of support for companies," says Kris Brittain, a research di rector at Gartner.

Many businesses are now automating that process with self- service password systems. In April, Boeing started rolling out Courion's Pass wordCourier — a self-service password system — to all of its intranet users. The Courion system lets network users automatically retrieve or reset their passwords through a Web browser, verifying their identity by asking for easy-to-remember information, like an employee identification number. Another Courion product, ProfileBuilder, lets employees up date personal information about themselves.

In addition to Boeing, Courion has recently landed customers that include Bear, Stearns & Co., SunTrust Banks and Target. Tom Rose, vice president of marketing, says one reason password-reset systems are gaining acceptance is that employees are growing accustomed to such automated services. "There are social considerations with this — people are used to talking to the helpdesk to change their password," he says.

Courion's system starts at $15 per user and increases based on the number of databases and applications a company's users need to access. Courion says it provides password connectors that cover roughly 95 percent of its customers' platforms.

M-Tech is also capitalizing on the password problem. In recent years, it has shifted toward selling P-Synch, its password-synchronization and password-reset software, which it sells for $30 per user, with volume discounts of less than $10 per user.

"The recurring theme was that enterprise users had too many passwords to remember, and they had poor password-management policies," says Idan Shoham, M-Tech's chief technology officer. "But there wasn't anything available to solve this problem in a heterogeneous environment."

M-Tech recently struck a deal with, which will integrate a light version of P-Synch into its Resolution help desk software. Similarly, helpdesk vendor Peregrine last month said it will incorporate Courion's Password Courier into its system.

Big purveyors of enterprisewide infrastructure software have also jumped on the trend. BMC Software, Computer Associates International and Tivoli Systems are more actively pitching the password-management features of their security software. Joe Skocich, a marketing manager at BMC, calls the automated password-reset feature of BMC's Control/SA a "home run" with customers.

"It's one of those rare entities in the information technology world where you can buy a product and with very little services solve what's costing you money," he says.

Quick Hit

Do the Math

19 percent Portion of all helpdesk calls that are to reset passwords

$14 to $25 Cost to a company per helpdesk call

4 times per year How often the average user forgets his or her password

Source: Gartner July 9, 2001