Remembering a laundry list of passwords is not something firefighters see as core to their day job. That was the clear message given to Gary Bellfield, ICT manager at Tayside Fire and Rescue, in 2005 when he started extending application services beyond the organisation’s historical user base of 60 to all 826 of its employees – 720 of them operational firefighters.
The initiative – in line with the government’s Electronic Service Delivery directive and championed by the Tayside’s chief fire officer, Stephen Hunter – gave all users access to relevant applications, from office systems and intranet to online training and fire-risk profiling. But there was a downside: with each of the 8 to 10 available services requiring a separate password, users struggled to recall their sign-in details. Not only did that put strain on staff productivity, but it also meant the small IT team was constantly dealing with requests for password resets.
“It became a major logistical headache,” says Bellfield. “Password resets were acc-ounting for as much as two IT man days a week. And as we scaled up, we were predicting 50 to 60 password resets a day.”
The obvious move was towards some form of single sign-on, but when evaluating his options, Bellfield came across an additional technology that would make logging on a whole lot easier: biometric fingerprint recognition.
While the notion of single sign-on was welcomed by users (Tayside chose OneSign ESSO from access management software company Imprivata), the biometric interface was initially treated with considerable suspicion. “Lots of people threw up their hands and expressed concerns about their personal data being used elsewhere and their fingerprints being stolen,” says Bellfield. So one of the key parts of the project was to allay such fears.
“We, perhaps naively, thought that everyone would see the benefits, but one of the key lessons was that with such systems there has to be upfront engagement with the staff and their union representatives – to ensure that people do not misunderstand why the biometrics are being used, how the biometrics are being stored and what is actually being stored.”
In particular, he brought in experts from Imprivata to highlight how the system would not actually store ‘a picture’ of anyone’s fingerprint, but hold an algorithm-generated unique number – one that could not be use to re-construct a fingerprint.
The biometrics system both identifies and authenticates users: after either index finger is scanned (via a £50 reader), the user is automatically logged into the system and can obtain access to any application available to them through the single sign-on system.
User acceptance was instantaneous. As soon as people registered on the system, they immediately saw the benefit of not having to remember or carry multiple passwords, says Bellfield. “At that point, there were eight main systems that users had access to, all with unique log in details: that meant eight sets of user names and eight sets of passwords. For a firefighter, this was regarded as the least important piece of information they could ever carry.”