User names and passwords are used widely in the public sector to log in to service-wide as well as agency-specific applications. With multiple user names and passwords to remember, however, government users tend to forget some of these user names and passwords, especially infrequently used ones, and spend considerable amount of time and effort to get them reset by the helpdesk. To avoid forgetting their user names and passwords, some government users even resort to writing them down or choosing easy-to-remember (and hence easy-to-guess) passwords, which could potentially compromise the security of the systems.
Over 44,000 public officers have suscribed to the
TAL service. |
“To solve these problems, many ministries and statutory boards were looking into the possibility of implementing SSO (single sign-on) solutions back in 2003-2004,” said Mr Toh Seong Wah, Deputy Director with IDA’s Government Infrastructure and Technology Division. “To achieve synergy and cost savings, IDA-GCIO, with approval from the Ministry of Finance, took the lead in implementing the centralised TAL Service to enable, among other capabilities,
SSO
with
the least impact on all ministries and
statutory boards.”
As a central service, TAL would be able to achieve economies of scale and avoid duplication of effort from agencies seeking to implement SSO solutions.
When the service was first conceptualised in 2003, the concept of using a token to assist user login was relatively new. It was also innovative in the attempt to achieve SSO without having to change the IT systems. The GCIO team achieved this by using client-side software to manage the user name and password presentation process for the user.
The TAL rollout has had a ripple effect on security management in the public sector. The security of the authentication process has been enhanced through the use of the second authentication factor – the hardware token – and the generation of a one-time password (OTP) for secure remote VPN access to Government network resources. Users only need to remember the pass-code to ‘unlock’ the token and all other user names and passwords will be supplied by the client software to the various IT systems. More importantly, agencies gain greater visibility into which application systems individual officers have access to and can remove dormant accounts of officers who have left the organisation, thereby increasing the overall security of application systems in the government.
The task of managing the multitude of user names and passwords has also been made easier and more seamless because the system allows automatic logins to systems through a single password. This directly reduces the number of password reset requests to the helpdesk.
It is estimated that the TAL Service will help the Singapore Government to achieve operational cost savings of about S$1.4 million per year through a reduction in helpdesk cost for password resets for the current 40,000 users. This does not even factor in savings from productivity improvements, which could be significant.
By helping users to reduce the occurrence of forgotten passwords, TAL reduces user frustration and more importantly, increases user productivity by eliminating the need to wait for password resets.
|
