
$@&* passwords! (Multiple post-its vs. SSO)

We all have a number of online accounts for which a password is required: the bank, credit cards, your physician’s portal, social media, shopping sites, etc. At ISE we trust that you are diligent about constructing passwords that you can remember but that others would not easily be able to guess. That can certainly be difficult, especially when some sites have very specific requirements for the construction of a password.

IBM Access

Are your system users as diligent with their work passwords as they are with their personal passwords? Possibly not. As a random test I went on seven different IBM systems (iSeries and Power systems) to see if any of the passwords were set the same as the user profile, and, you guessed it, there were multiple instances, ranging from 7 to 190. Not all of the passwords that are the same as the user profile may be for individual users. There are known and published passwords for IBM systems as well as vendor software. ISE would be happy to check your system, or help you check, for passwords that are the same as the user profile.

Password Rules

Your IBM system allows you to set up various restrictions for passwords. These include the minimum and maximum password length, whether numbers are required, and whether repeating characters or numbers are allowed. The system can control whether a previously used password may be reused and how long (in hours) a user must wait before changing their password again. It can prevent someone from setting a new password that has the same characters in the same positions as their previous password, etc. Your IBM system can also set the number of times a user can try to sign on unsuccessfully, as well as the action to take after that number of attempts has been reached.
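As an added example (not ISE's own code), the CL program below reports profiles whose password matches the profile name, as discussed under IBM Access, and then sets the IBM i system values that correspond to each restriction listed above. The specific values chosen are illustrative assumptions, and these individual system values are only honored when QPWDRULES is set to *PWDSYSVAL.

```cl
/* Added example: audit default passwords, then set password rules.    */
/* All VALUE() settings are illustrative assumptions, not ISE guidance. */
PGM

  /* Report profiles whose password is the same as the profile name.   */
  /* ACTION(*NONE) only produces the report; nothing is disabled.      */
  ANZDFTPWD  ACTION(*NONE)

  /* Minimum and maximum password length                               */
  CHGSYSVAL  SYSVAL(QPWDMINLEN) VALUE(10)
  CHGSYSVAL  SYSVAL(QPWDMAXLEN) VALUE(10)

  /* '1' = at least one digit is required                              */
  CHGSYSVAL  SYSVAL(QPWDRQDDGT) VALUE('1')

  /* '2' = the same character may not be repeated consecutively        */
  CHGSYSVAL  SYSVAL(QPWDLMTREP) VALUE('2')

  /* '1' = new password must differ from the previous 32 passwords     */
  CHGSYSVAL  SYSVAL(QPWDRQDDIF) VALUE('1')

  /* Hours a user must wait before changing the password again         */
  CHGSYSVAL  SYSVAL(QPWDCHGBLK) VALUE('24')

  /* '1' = no character may sit in the same position as in the         */
  /* previous password                                                 */
  CHGSYSVAL  SYSVAL(QPWDPOSDIF) VALUE('1')

  /* Unsuccessful sign-on attempts allowed                             */
  CHGSYSVAL  SYSVAL(QMAXSIGN)   VALUE('3')

  /* '3' = disable both the device and the user profile once the       */
  /* QMAXSIGN limit is reached                                         */
  CHGSYSVAL  SYSVAL(QMAXSGNACN) VALUE('3')

ENDPGM
```

Review the ANZDFTPWD report before changing anything, since some of the matching profiles may belong to vendor software rather than individual users.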

Single Sign On

Have you considered single sign on (SSO)? SSO can allow a user with one set of login credentials (a user profile ID and password) to access multiple servers and software applications your business uses. This could allow your user to sign into Windows (for example) and then be able to access your IBM i systems applications as well without having to separately sign on to the IBM i. Having only one optimized user ID and password to maintain per user for all your applications can improve productivity as well as security. It limits searching or fumbling between multiple logins and decreases the time spent resetting them, and on the phone with IT in general.

 

All of these options were made available on your IBM system to help protect your company data. At ISE we can assist you by reviewing the potential exposure you may have with your current user profiles, making suggestions for improvement, and advising you on where and when SSO may be best utilized.

Jeanne Balzuweit

Senior Programmer/Analyst with Information Systems Engineering, Inc.
