Mark Burnett (no, not the Survivor producer), in his 2005 book, Perfect Passwords: Selection, Protection, Authentication, offers a list of the 500 worst passwords of all time. Presumably, passwords made this list because they’re easily guessable or susceptible to dictionary or brute-force attacks, though they also make for an interesting look into human preoccupations — and what humans typically do when they try to be clever (or when they’re just phoning it in, like those who settled for “whatever” and “letmein”).
Care to guess how many of your users are choosing passwords that appear on the bad password list? If you enforce strong passwords, how many of those passwords are written on Post-it notes plastered all over monitors (or very slyly and cleverly stuck to the bottom of keyboards)?
The Best Password Is No Password
The problem is too many complicated, human-unfriendly passwords. The best answers to that problem are Security Assertion Markup Language (SAML) and web browser Single Sign-On (SSO) using an identity provider, which eliminate the need for passwords altogether. But one of the worst ways to implement those technologies is to host and manage your own identity provider, which can be difficult to configure and expensive to maintain, even if it’s a free (as in beer) open-source solution.
Enter cloud-based identity providers like OneLogin, with whom SAManage has partnered to offer secure, one-click access to our SaaS IT asset and service management solution. Integrated with more than 1200 other SaaS apps, OneLogin offers a powerful and easy-to-use alternative to on-premises SAML/identity provision.
Moving Toward a Cloud-Based, Password-Free Workflow
Thanks to our SaaS ITSM SSO integration, SAManage users now get all the benefits of a traditional identity provider and single sign-on without the hassles. Since OneLogin is integrated with so many cloud-based apps, including Google Apps, Dropbox, and GoToMeeting, and features them all on a single dashboard, users get easy access to what could quickly become an entirely cloud-based workflow. And all without a single password or Post-it.