Single Sign-On Solution Solves Password Problems at Verity CU
SEATTLE -- Password problems are a thing of the past at Verity Credit Union.
Calls for resets have been nonexistent since the CU deployed a single sign-on solution this spring, said Jon Wu, a systems engineer at the $388 million Verity.
Prior to that such calls were routine for the help desk, which helped staffers make their way into 10 to 15 applications, ranging from ADP payroll to Fidelity debit card management to American Express transactions and CO-OP ATM management to the core system itself from Open Solutions, Wu said.
"About a year ago, we began really realizing the need for a solution to the password problems we were having, and through observation and surveys, we knew a lot of our users wanted something that could simplify all their passwords and allow them to log in without all this input," he said.
Wu and his colleagues decided to go with the OneSign single sign-on product from Imprivata Inc. of Lexington, Mass.
"We could have gone with a lot more inexpensive solution, but one of the reasons we went with this is because it does more than just allow our 115 or so users to reset passwords," Wu said. "It also lets them take control of their passwords, and it adds another level of encryption and security, since the passwords are encrypted end-to-end on our network.
"It also adds efficiency to our member service. Before, when a member was interested in something out of the ordinary, someone would have to open a different application to do that. Now they just have to log on once," he said.
The offering comes in the form of two appliances--one for production and for backup. The browser-based software allows the system administrator to establish policies, such as how complex and long passwords need to be and how often they need to be changed.
Imprivata said its business has doubled in each of the past two years and not just because people forget passwords.
"Studies consistently show that most calls to the IT help desk involve resetting forgotten passwords, of course, but regulatory compliance and internal security are our big drivers right now," said Geoff Hogan, the company's senior vice president of business development and product management.
"In the financial sector, whether it's Red Flags or Sarbanes-Oxley or Basel II, all these regulations impact how you authenticate, how you audit who came on, when they came on...those are critical capabilities we provide," Hogan said.
"As for pure security, a lot of internal security breaches have come to light here and around the world, and being able to have complete audit trails, information our appliance captures and provides with the press of a button, along with the ability to change passwords automatically, is of great value in today's market," he said.
Currently there are 30 to 50 credit unions among Imprivata's customer base of more than 650 organizations, with health care and financial services the two largest markets, Hogan said.
He also said it doesn't matter which core processor a credit union uses, "because we can support any type of application, really, and we don't require any hard connection points. It's a Web services network solution and just connects at the front-end screen level, clean and simple."
In addition to desktop computers, the OneSign solution "also seamlessly integrates with every type of strong authentication modality, things like fingerprint biometrics, smart cards, one-time password tokens and proximity cards...any type of device that organizations want to use to authenticate their employees onto the network," Hogan said.
He also said that "ease of deployment and operation is what has made OneSign successful in the credit union market. They usually have limited IT resources, and this is something that really requires a limited amount of resources to maintain."