The Improv Blog

Kronos Workforce Central New Features: Security

Written by Raymond Ney | Feb 03, 2012

Continuing with enhancements Kronos Workforce Central upgrade customers receive, let’s dive into:

The New Kronos security features!

and talk a little about passwords...

There are several components in all versions of WFC (Workforce Central) that help determine security for employee and manager access. In the broader realm of security, I’ll review the following items: System Settings as it relates to logging in. Similar to the image of the person setting their home security system above, you may smile :) after reading. 

For one, security has been enhanced in WFC version 6.3 to include the ability to allow the user to reset their own password.

What is one of the most frequent calls to IT? In this scenario, let’s assume IT does the password resets. Many employees call with the same problem:

“I set my Kronos password, now I need YOU to reset it because I’m locked out”.

Now an IT super-user needs to get involved, logging into the employee’s people record and changing their password AGAIN! Now why, I ask, should IT have to stop what they are doing to reset it? Even worse, why should a manager wait for that same IT super-user to make that change?  What about a WFC employee that needs to record a time stamp? Why should they wait? Well now, similar to what you see in other web sites, WFC users can be asked a series of security question(s) to allow them to reset their own passwords. Kronos uses the same tried and true questions you have seen before, like: “What was your childhood nickname?” Not bad, but what if I moved as a child and had 2 different nicknames? I myself have never liked some of these “default” security questions. I prefer questions with only one possible answer, like: “What city where you born in?” That’s just as easy to answer, but there is only ONE correct answer. 

You have the option to change these security questions or stick with the defaults. Kronos added this new feature in WFC version 6.2 and above to reduce the amount of time IT spends on the phone with password resets. The WFC manager or super-user can configure security question(s) that allow the manager or employee to reset their password. Also introduced are complex password requirements as well: a win for security officers wishing to meet compliance. More important is the Security Alert Editor starting with version 6.2 (under System Configuration) and the capability to export a security audit easily to meet SOX requirements.

In closing, Kronos has made concrete improvements in the area of password security. While nothing they have done in this version can be recognized as a breakthrough, they have managed to reach the industry standard. Why is this important? Remember that your Kronos system is accessible via the internet. Though secure, it is also accessible to anyone who has the persistence to find it.  Where do you want your system administrators’ time spent, running audits to find who is accessing the system and why, or resetting passwords?  The choice is yours, although I think I know which way you are leaning…

Disclaimer: The security question(s) to allow a password reset only work with Kronos authenticated users (those manager or employees that do not login to WFC with their network password). Those using integrated or network logins do not have the “Change Password” link when signed into WFC. For those users however, security audits can still be performed. As always, comments are welcome!