CIOs Search For A Way To Make Logging In Easier

Users need help in logging in and staying logged in
Users need help in logging in and staying logged in
Image Credit: GotCredit

Let’s face it, if there is one thing that nobody in the IT department likes to do each day it is log into their computer / app / smart phone. In order to do this successfully, we need to be able to remember any one of a multitude of user names and passwords that seem to be changing all the time. We struggle to create passwords that are strong enough. Then we struggle to remember what they are when we need to enter them. What’s even worse is if we stay logging in for a long time, then there is a good chance that we’re going to be asked to log back in eventually. This sure seems like a problem regarding the importance of information technology that the person with the CIO job could solve.


The Problem With Logins

One of the biggest problems that the people who work in the IT department face every day is that the internet has never had a single universal system that you can use to log into things. The result of this is that we have to keep proving who we are to each site that we visit. That’s why we end up with so many different user names and passwords. This can be difficult to do on a laptop and real challenge on the small screens that are on many smartphones. If there is any good news here, this is a well-known problem. The problem is that it does not look like there is going to be a quick fix for it.

The reason that we find ourselves in this situation is the result of two things. The first is how web sites are being set up. The second is how we tend to behave while we are online. What the person in the CIO position needs to understand is that when someone in the IT department successfully logs into a site, a “session” is created for them. This session has access to the relevant data that is associated with your account and it connects you to the appropriate online tools and servers that you’ll need in order to accomplish your tasks. The issue here is that the creation of this session creates a significant security risk. If you leave a web site without logging out and your session still exists, another user could visit the site and gain access to your session. This would allow them to gain access to all of your data. The way that web developers attempt to deal with this issue is to establish an end date for your session when it is created. What this means is that your session and your connection to the site will be automatically closed after a specified amount of time.

Security is a key part of anything that we do online. The fact that the internet can’t always tell that you are you is why you have to reconfirm your identity when you make changes to an account’s settings or when you decide to ship something that you’ve purchased to a different location. Every website has a different value for when your session expires. A common number is 15 days. Once upon a time when we only had one account to log into, having to reenter our password every couple of weeks or so was no big deal. Now that we have multiple accounts and each one of them is asking us to reenter our password, things have become more difficult.


How To Solve The Login Problem

So what’s the solution to this problem? Let’s all agree that the solution is finding a way to let the internet know that you are still you – you should not have to once again identify yourself. Various companies are currently trying to come up with solutions to this problem. Microsoft, Google and others are looking for password-free ways to determine that you are still you. The goal is to be able to extend your session for you without having to bug you to identify yourself. Different ways of doing this include having the application that you are using check to see if you are on the same network, using the same phone, or even doing the same type of work. Additional ways to tell that you are you may include how you move your mouse or how you type.

Good news for CIOs is that the World Wide Web Consortium has just ratified a new standard called “WebAuthN”. This standard allows biometric information to be used to authenticate users or physical objects such as security keys. The goal is to allow users to be able to skip the use of passwords. This will allow users in the future to be able to log into applications using a fingerprint scan or facial recognition. Ultimately the goal is to allow users to log into applications using the same techniques that they use to log into their phones. The challenge for CIOs is that this standard is a new standard. This means that we won’t be able to use these new features until all of the software that controls our devices and websites has been rewritten.

There are other steps that CIOs can take in the meantime in order to make dealing with all of the passwords that we currently have easier. If people in the IT department start to use password manager software then it can automatically log them into their applications. Users will have to log into the password manager and there may be in-app browsers that the applications won’t work with. However, in most cases this software can turn logging into something a simple two click process. Additionally, many browsers can remember how to log into sites. These browsers have the ability to autofill both data and passwords. Just make sure that your staff only use these browsers on devices that they trust!


What All Of This Means For You

The role of any CIO is to ensure that the IT department runs smoothly. This can be a real challenge to do. One of the biggest issues that is facing the IT staff these days is that in order to stay logged into the applications that they are using they have to keep reentering their passwords. This can quickly become cumbersome because of the large number of usernames and passwords we all have these days.

The root of this problem is that the internet can’t determine that we are still ourselves over time. The internet creates sessions when we log in and the challenge is that if we go away without logging out, then someone else could gain access to our session and pretend to be us. The solution to this problem is to automatically terminate sessions after a period of time. However, when this happens, we then have to log in again. This log out period is different from application to application. Many companies are working to come up with different solutions to this problem. Biometric solutions and physical objects are possible ways to solve this problem. A new standard called “WebAuthN” may solve it in the future. In the short term, using password managers and smart browsers can simplify the logging in process for staff.

The challenge of keeping track of multiple usernames and passwords slows down an IT department. CIOs need to take the time to make sure that they understand this issue. They also have to be willing to go looking for clever ways to solve this issue. Yes, keeping our applications and our networks secure is a critical part of being a CIO. However, we also have to find ways that our IT department can run smoother. Solving the user authentication problem is something that a CIO can do that will win them the admiration of their entire IT department.


– Dr. Jim Anderson Blue Elephant Consulting –
Your Source For Real World IT Department Leadership Skills™


Question For You: How long do you think that a user session should last in order to not disturb users but still keep applications secure?


Click here to get automatic updates when The Accidental Successful CIO Blog is updated.
P.S.: Free subscriptions to The Accidental Successful CIO Newsletter are now available. Learn what you need to know to do the job. Subscribe now: Click Here!

What We’ll Be Talking About Next Time

If you’ve been watching TV or reading a newspaper (online) lately, you’ve probably started to see all of the 5G wireless network ads that the major service providers have been running. It sure looks like when 5G arrives, the world is going to change. However, one of the big questions that CIOs need to find the answer to is just exactly how is it going to change. More specifically, what will the impact be on workers who want to work from home?