Archive for the ‘Single Sign On’ Category

The Password Conundrum

October 16, 2008

Sounds somewhat familiar, right! Well, most of us have this dilemma every day… I don’t think I have to hire a ghost writer to write this puzzling story for me… My daily email vocab should be good enough to express the challenge we face every day as we try to remember more and more passwords!

The First Login: Your System!
Imagine getting up on the 31st morning and trying to log in to your system after a few failed attempts because you were forced to change the password after the mandatory 72 days you set for yourself…

The Second Login: Your eMail Account!
Whether you want to check your personal email or official ones, you need to log in somewhere. Even setting up your POP or IMAP accounts needs you to have your passwords set in Outlook or Netscape! So if unluckily you changed that too, you know there is one more little messy thing in the secret note you keep in your wallet!

The Second Login: Your bank account!
… then trying to log in to your bank account to check if your salary was posted, and you changed that too, hurriedly, to sync it up with your system password, and then realized that the online site does not allow silly passwords, and you end up setting up a super secret sleazy password! You mostly forgot it because it had to have a special character and you don’t know what you chose. So you want to have it mailed to you… Grrrrr, now this is a bank site, it’s extra secure and you have to provide a primary and secondary ID to get the password mailed to you.
Maybe you were successful and had it mailed… but now you don’t remember which mail id you registered with! OMG! That is a tough one! So you frantically search through your old emails and finally recover it…

Well I am kind of scared about the whole scenario and wanted to end it there… but you know it very well that this is not the end of it… there is always one more to remember and one more to change each day!

The best you could do one day is get 8/10 passwords sync’d up! Lucky you, my best is 5/15! Now if I have to choose a bank, I go by how long they have the online password change and how easily I can reset it… not secure, but you know what, I have had enough!

This is where I need some industry-wide sign-me-once standard! Well, I believe with federation there is going to be one and we will have fewer and fewer passwords to remember. There has been a lot of progress in this quest for a single sign on, including OpenSSO, Windows Live ID, SAML (federation), CAS, Shibboleth, OpenID etc. Two strong contenders in this race to create a single sign on experience are the OpenID project and SAML implementations. And I think each has its own strengths and limitations. In this ID wise trail we will discuss each of the existing and prevalent solutions as well as explore new possibilities.

Meanwhile, till the next stop, I came across this pretty interesting blog from Justen Stepka… Bon Reading…
http://www.jstepka.name/blog/2006/12/17/crowd-vs-saml-vs-liberty-alliance-vs-openid-vs-cas-vs-shibboleth/

Welcome to IAM Wise

June 29, 2008

Welcome readers and curious blog hunters, “digg”ers and “slash-dot”ters to my new blog! So what do you think about the blog title – the proclamation of a pompous, self-conceited egotist who’s up to no good! Well, whatever you choose to use as the prefix, the ever so deceptive acronym for Identity and Access Management will turn out to be some profound self proclamation! And those who know what IAM is, I believe, have learned to live with that perception.

Let’s get back to business – more about this post, about the technology, business and the overall idea and finally of course something about me – the humble soul behind this profound proclamation!

I am (and now this is the real me :)) – trying to piece all my blogs, scraps and notes together into one consolidated blog which will cover the Identity and Access Management space.
I will cover topics like how to come up with a security model for identity management and access management, what tools and methods are available, and what the analysts are talking about when it comes to products… and of course my usual rantings!

Why a new blog on Identity Management?! Well of course, everyone’s got a different perspective, and the more new ideas there are in any field, the better it gets. It’s just my two cents’ space with which I would like to contribute to and expand this exciting field of technology. I would like to bring the experience I have got as an application developer, an infrastructure analyst and a system architect together into this field and give it a holistic perspective.

Well… what’s the waiting for now! Let’s get started… Hope you get here what you are looking for in the ever expanding field of IAM – and it makes you IAM Wise!

This blog is also available at: http://valmikim.blogspot.com/