Introduction

Identity and access management are hot topics in most organizations today. Few periodicals or Web sites of a business or technical nature do not reference network security, identity, and access management. If kids can hack into school systems and banks, how secure are organizations, especially the small to medium-sized ones without extravagant resources for security experts?

This is one of the major reasons why password policies have changed dramatically from what they were 10 years ago. Some of you may remember when passwords were not such a big deal; you just typed in abc123 or something just as simple and you were through. Frequent password changes were unheard of. Ah, the good old days before hackers and Sarbanes-Oxley. Well, that has all changed. For years now, security specialists have warned us about how important it is to secure our networks and data. We were and still are told that we must have stronger security and more stringent password requirements. The new policies, although a nuisance, are intended to protect the organization and the organization s intellectual property from would-be hackers and corporate espionage.

The result has been difficult for users and has created more work for administrative staff. Even worse, it may have ultimately weakened password security. Statistics show that the average workplace user can have up to 30 passwords to remember! In the old days, that may have been simple, you would just use your favorite pet s name for every password. Now, with more sophisticated software and security...