As security threats grow more sophisticated and information security regulations expand, organizations are under increasing pressure to control access to sensitive data. At the same time, IT infrastructures have grown more complex, resulting in a diverse set of hardware, software, and sign-on procedures. The growing number of user accounts and frequent password changes make it hard for users to remember their passwords. As a result, users often choose passwords that are easy to guess (e.g., a spouse's surname) or reuse the same password across a number of applications. Moreover, 50% of users write down their passwords, more than two thirds share their passwords with colleagues or friends, and 47% require a password reset at least once a year.
What is merely annoying for private users can cost companies dearly: experts estimate that password problems account for 30% to 50% of all enterprise helpdesk costs.
U.S. Pat. No. 7,496,954 describes a system for single sign-on to a plurality of computing applications. The system includes a plurality of enterprise applications, a policy server, and an authentication data store maintaining authentication information for the enterprise applications. The system also includes internal and external user authorization data stores that maintain user authorization information for the enterprise applications. A synchronization component synchronizes the information from the internal and external authorization data stores into a consolidated data store and eliminates duplicate user information. To access a first enterprise application, the user's information is authenticated against the authentication data store and authorized against the consolidated authorization data store. To access a second enterprise application, the user is not required to sign on again, since the previously entered user information is used to authenticate the user, and the consolidated data store is automatically checked to determine the user's authorization level for the second enterprise application. In this context, application-specific authentication information (or simply authentication information) denotes concrete credentials (e.g., a concrete user ID and a concrete password), where the term "application-specific" means that the credentials for a particular enterprise application differ from the user's general credentials. Such application-specific authentication information may, for example, consist of a password only, without a user ID.
U.S. Pat. No. 7,530,097 describes a method of controlling password changes in a system comprising a plurality of data processing systems with separate password registries. The contents of the passwords in the password registries of the data processing systems are controlled using password content policies that are centrally shared among the data processing systems. Password management tools already available on the market, such as PASSWORDSITTER or PASSWORD SAFE, are based on the concept described in this prior art.
Typically, a password manager comprises a predefined set of rules (policies for password generation). Consequently, only applications or data processing systems that require a password generated according to rules known to the password manager can be supplied with passwords by the password manager. Applications or data processing systems with other rules or policies cannot be managed by it. Extending the password manager to support them requires an upgrade involving costly migration steps.
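The following Python is an added illustration of the two preceding paragraphs and is not code from either cited patent or from the named products. It models a password manager whose rule set is a fixed collection of password content policies: each policy (the policy names, character classes, applications and length bounds are constructed for this example) carries length bounds plus required and allowed character classes, the generator draws from a CSPRNG and checks its own output against the policy, and an application whose policy lies outside the manager's rule set is refused until the rule set is extended.

```python
import secrets
import string
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Character classes a policy may require or allow (constructed for this example).
CHARACTER_CLASSES: Dict[str, str] = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "special": "!@#$%^&*()-_=+",
}


class UnsupportedPolicyError(Exception):
    """An application demands a policy that is not in the manager's predefined rule set."""


@dataclass(frozen=True)
class PasswordPolicy:
    """One password content policy: length bounds, required and allowed character classes."""
    name: str
    min_length: int
    max_length: int
    required: Tuple[str, ...]
    allowed: Tuple[str, ...]

    def __post_init__(self) -> None:
        unknown = (set(self.required) | set(self.allowed)) - set(CHARACTER_CLASSES)
        if unknown:
            raise ValueError(f"{self.name}: unknown character classes {sorted(unknown)}")
        if not set(self.required) <= set(self.allowed):
            raise ValueError(f"{self.name}: required classes must also be allowed")
        if not 0 < self.min_length <= self.max_length or len(self.required) > self.min_length:
            raise ValueError(f"{self.name}: inconsistent length bounds")

    @property
    def alphabet(self) -> str:
        return "".join(CHARACTER_CLASSES[cls] for cls in self.allowed)

    def violations(self, password: str) -> List[str]:
        """Return the rules a password breaks; an empty list means it is compliant."""
        problems: List[str] = []
        if not self.min_length <= len(password) <= self.max_length:
            problems.append(f"length {len(password)} not in {self.min_length}..{self.max_length}")
        for cls in self.required:
            if not any(ch in CHARACTER_CLASSES[cls] for ch in password):
                problems.append(f"no {cls} character")
        if any(ch not in self.alphabet for ch in password):
            problems.append("character outside the allowed classes")
        return problems

    def generate(self, length: Optional[int] = None) -> str:
        """Generate a compliant password; default length prefers 16 within the policy bounds."""
        if length is None:
            length = min(self.max_length, max(self.min_length, 16))
        if not self.min_length <= length <= self.max_length:
            raise ValueError(f"{self.name}: length {length} outside policy bounds")
        # One character from every required class, the remainder from the whole alphabet.
        chars = [secrets.choice(CHARACTER_CLASSES[cls]) for cls in self.required]
        chars += [secrets.choice(self.alphabet) for _ in range(length - len(chars))]
        # Fisher-Yates shuffle with CSPRNG indices so the required characters land at
        # unpredictable positions rather than always at the front.
        for i in range(len(chars) - 1, 0, -1):
            j = secrets.randbelow(i + 1)
            chars[i], chars[j] = chars[j], chars[i]
        password = "".join(chars)
        assert not self.violations(password)  # the generator must satisfy its own policy
        return password


class PasswordManager:
    """A password manager with a predefined rule set and a registry of managed applications."""

    def __init__(self, policies: Iterable[PasswordPolicy]) -> None:
        self._policies: Dict[str, PasswordPolicy] = {p.name: p for p in policies}
        self._applications: Dict[str, str] = {}  # application -> policy name

    def add_policy(self, policy: PasswordPolicy) -> None:
        """Extend the rule set (the expansion step an upgrade has to perform)."""
        self._policies[policy.name] = policy

    def register_application(self, application: str, policy_name: str) -> None:
        # The limitation from the text: a policy outside the rule set cannot be managed.
        if policy_name not in self._policies:
            raise UnsupportedPolicyError(
                f"{application!r} requires policy {policy_name!r}, which the manager does not know")
        self._applications[application] = policy_name

    def policy_for(self, application: str) -> PasswordPolicy:
        return self._policies[self._applications[application]]

    def new_password(self, application: str) -> str:
        return self.policy_for(application).generate()


# Constructed policies and applications for the demonstration (not taken from the patent text).
CORPORATE = PasswordPolicy("corporate", 12, 64, ("upper", "lower", "digit", "special"),
                           ("upper", "lower", "digit", "special"))
MAINFRAME = PasswordPolicy("mainframe", 8, 8, ("upper", "digit"), ("upper", "digit"))
PIN = PasswordPolicy("pin", 6, 6, ("digit",), ("digit",))


def build_manager() -> PasswordManager:
    manager = PasswordManager([CORPORATE, MAINFRAME])
    manager.register_application("hr-portal", "corporate")
    manager.register_application("payroll-host", "mainframe")
    return manager


if __name__ == "__main__":
    manager = build_manager()
    for app in ("hr-portal", "payroll-host"):
        print(app, manager.new_password(app))
    try:
        manager.register_application("door-control", "pin")
    except UnsupportedPolicyError as exc:
        print("rejected:", exc)
    manager.add_policy(PIN)  # the expansion step
    manager.register_application("door-control", "pin")
    print("door-control", manager.new_password("door-control"))
```

The `door-control` application is the case the passage describes: its PIN-style policy is not among the manager's predefined rules, so registration fails until `add_policy` extends the rule set. The policy object is also what a central policy server in the sense of the second patent would distribute, since the `violations` check runs identically on every system that receives it.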