How Are IBM i Systems Affected?
The updated password recommendations hold good and bad news for IBM i organizations. The good news is that the movement away from complex passwords with special characters isn't that much of a change at many IBM i organizations. The latest State of IBM i Security Study shows that 46 percent of systems don't require users to include digits in their passwords.
NIST's new password guidelines also back off the recommendation that users make periodic password changes. The reasoning is that remembering one strong password is hard enough. When users have to change that password frequently, they're inclined to choose weaker passwords. Now, users should change passwords if there is reason to believe a password has been compromised, such as a data breach. For the 26 percent of IBM i systems that never require users to change their password, this updated guideline should be reassuring.
The bad news is that password length is an area where most IBM i systems fall short. In 2018, 63 percent of systems studied imposed a minimum password length of six characters or fewer. With the increased emphasis on password length, the latest NIST guidelines suggest that these systems are even more vulnerable than previously believed.
Some Password Concerns Remain Unchanged
One long-standing issue is IBM i profiles using default passwords, where the password is identical to the user name. This situation has always been a security problem and the updated password guidelines don't change that. Over half the systems included in the latest State of IBM i Security Study have more than 30 profiles with default passwords.
While NIST's new recommendations seem to ease some of the rules around passwords, many IBM i systems still have settings in place that put mission-critical systems at risk.
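An added example, not from the original article or from any vendor tool: two Db2 for i queries that check the settings discussed above on your own system. It assumes the IBM i Services views QSYS2.SYSTEM_VALUE_INFO and QSYS2.USER_INFO are available and that the release exposes the USER_DEFAULT_PASSWORD column; on releases without it, the ANZDFTPWD CL command reports default passwords instead.

```sql
-- Password policy system values relevant to the points above:
--   QPWDMINLEN  minimum password length
--   QPWDRQDDGT  whether a digit is required
--   QPWDEXPITV  password expiration interval (*NOMAX = never expires)
--   QPWDLVL     password level (controls the maximum possible length)
--   QPWDRULES   if set to anything other than *PWDSYSVAL, it overrides
--               QPWDMINLEN and QPWDRQDDGT, so read it first
-- Both value columns are selected because a system value is returned
-- in either the numeric or the character column, depending on its type.
SELECT SYSTEM_VALUE_NAME,
       CURRENT_NUMERIC_VALUE,
       CURRENT_CHARACTER_VALUE
  FROM QSYS2.SYSTEM_VALUE_INFO
 WHERE SYSTEM_VALUE_NAME IN
       ('QPWDLVL', 'QPWDRULES', 'QPWDMINLEN', 'QPWDRQDDGT', 'QPWDEXPITV')
 ORDER BY SYSTEM_VALUE_NAME;

-- Profiles whose password is identical to the profile name
-- (default passwords). Enabled profiles sort first because they
-- are the ones that can actually be signed on with.
SELECT AUTHORIZATION_NAME,
       STATUS,
       PREVIOUS_SIGNON,
       TEXT_DESCRIPTION
  FROM QSYS2.USER_INFO
 WHERE USER_DEFAULT_PASSWORD = 'YES'
 ORDER BY STATUS DESC, AUTHORIZATION_NAME;
```

A minimum length of six or fewer in the first result, or any enabled profile in the second, corresponds to the weaknesses the study figures describe.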
How to Make Password Management Easier
Users often find password restrictions burdensome. It's human nature to look for the path of least resistance—and when it comes to passwords, that means short, simple, easy-to-remember passwords. The new guidelines can make life easier for users, but removing the need for special characters won't eliminate password problems entirely. Users will still forget from time to time, and many will still prefer to use the shortest password possible.
A self-service password reset tool makes it easy to require IBM i users to select strong passwords and reset their passwords themselves when they forget.
Powertech Password Self Help is one such tool that significantly reduces the burden on IBM i users and the help desk by making users self-sufficient. It's simple to set up and simple to use. Administrators can set a strong password policy. If a user gets locked out of his account, he can reset it quickly, without calling the help desk. Since users get back to work faster and the help desk can focus on more important projects, the return on investment for a self-service tool is substantial.
To learn more about how Password Self Help works and what it can do for you, watch the video below.