Credit Union Says They Identified Passwords for 80% of Staff

People and passwords—in the long run, they just don't work very effectively together. At least that's what Phil Fowler, vice president of IT at Telesis Community Credit Union, a Chatsworth, Calif.-based financial services provider that manages $1.2 billion in assets, found out. His team ran a network password cracker as part of an enterprise security audit last year to see if employees were adhering to Telesis' password policies. They weren't.

"Within 30 seconds, we had identified probably 80% of people's passwords," says Fowler, whose group immediately asked employees to create strong passwords that adhered to the security requirements. A few days later, the team ran the password cracker again: This time, they cracked 70%. (Click on photos to enlarge)

"We couldn't get [employees] to maintain strong passwords, and those that did forgot them, so the help desk would have to reset them," says Fowler. Telesis decided to secure network and application access with a biometric system that eliminated the need for user IDs and passwords, opting for the DigitalPersona fingerprint system from DigitalPersona Inc. in Redwood City , Calif.

Telesis rolled out fingerprint-based network and systems access technology in its headquarters and credit-union branches. Once Telesis has thoroughly tested the system, the company will deploy it in the offices of Business Partners LLC, its business loan services partner. Users no longer need to remember IDs and passwords because DigitalPersona authenticates enrolled personnel via fingerprint scanners, tying the fingerprints to 256-character passwords that it randomly generates every 45 days.