"Show me the way 2 Amarillo Peter Kay" becomes the password "Smtw2APK".

Employees find it particularly difficult to remember passwords for systems used infrequently. It may be best in these cases to look carefully at a process to see if there is a more effective way of gaining access to the information needed; for example, a senior manager who needs information each month is best provided with an emailed report or Excel worksheet that can be interrogated rather than being given direct access to the system.

If a password is stored on your PC in any way - even if it appears on screen as asterix's the password can be identified.

How Can IT And HR Work Together On This Issue?

HR is a key support of change management, helping managers to identify and make changes in processes and introduce new systems. In many organisations a significant amount of IT's support budget is spent on resolving unnecessary password issues; if employees understood just how much money this costs then password practice might improve and system enhancements could be afforded - is this a good issue to build in organisation communication or performance based pay?

We are all human, so any password policy should be practical as well as secure - there should be a quick but safe procedure to follow if passwords are forgotten or if someone suspects a password has been revealed. Quick reactions here from IT will help encourage users to change passwords when needed and not to misuse them. From an operational HR point of view, in circumstances where an employee is perhaps suspended pending investigation of misconduct, a speedy

response is needed from IT to block user access. Equally, when an employee leaves the organisation for any reason, HR must notify IT immediately so that the User ID can be amended or removed.

Right from the beginning, the policy should be for processes and IT systems to be designed and used so that there is never a need for one person to know the password of another. No amount of education and lecturing will work if in order to get an important matter dealt with urgently for a customer, a password has to be divulged.

Note that IT support personnel often get so bound up in dealing with user passwords they forget that they should also change their system and administrator passwords appropriately! This should form part of any policy.

Senior Management Support

Lastly, and it should go without saying, any password policy needs to be supported by senior management. If managers are seen to act free and loose with passwords and to bend the rules to suit, the rest will follow

So the message to HR is get your board and management committee behind the policy at the outset.

Was this useful to you - let us know - are there IT mysteries you would like explained?

Linda Ryan
linda.ryan@ryansolutions.co.uk

Allyson Cole
www.itaccessed.co.uk
info@itaccessed.co.uk

IT Acronyms Explained

VOIP
Voice Over Internet Protocol

To non-techies the term sounds uninspiring, but making telephone calls over the internet rather than the traditional telephone network can save both large and small companies lots of money. VOIP works by transmitting voice over the internet in the same way as data is transmitted, e.g. an e-mail - hence the cost saving: you pay for you broadband access not the length of you e-mails. The sound quality is now very good and it is relatively simple for all companies to implement. Savings are especially good on calls abroad.