It seems that a very common problem with partner resources online is the whole issue with passwords. This may sound like a small thing, but when you are trying your best to get your partners’ ‘mindshare’, putting a password between you and them can be the straw that breaks the camel’s back.
Lately I have spoken with several vendors that are making use of not just one password for their partners, but multiple. By this I mean: the partner goes to the site and logs in, then tries to access some resource and is asked to log in again with a different password. To make matters much worse, passwords are issued to the partner. They are not able to define and manage them as they see fit.
If your partner facility sounds like this, then it should not be a surprise to you when you monitor the traffic you have on that facility and find that it does not get used at all. This is a wasted investment on your part, in resources, time to develop and effort in keeping that facility updated. The biggest cost to your organization is the opportunity cost of not activating those partners effectively.
The other area of debate is just how much of your partner site really needs to be behind a password. Not all information needs to be protected, and so some of it could be put on the main site without the need for a password. Unfortunately, if you take this approach it tends to split the partner portal into two, with some information on this side and some on the other side of the password. If you think your password-protected facility does not get used enough, try removing half the value and putting that on your public site. This will surely kill what traffic you had to the rest of the facility. So what is the solution?
My recommendations for password protecting your site are as follows:
1) You need to password protect your data. These problems do not obviate the need for security so don’t attempt to break the site in two to solve the issue.
2) Allow your partners to create and manage their own passwords. Just like when you use Gmail or Facebook, you create your own account and it’s yours to manage as you see fit. A partner portal should be no different (and AccountMaven works this way).
3) Don’t put silly restrictions on passwords to make them more secure. If your partner likes to always use the word ‘partner’ as his password – don’t make him insert special characters, numbers and upper and lower case. This will just annoy him and make him forget the custom password you made him choose. This is not a bank account so security does not have to be that tight.
4) Finally, the most important point: once your partner logs in and you have validated his credentials, don’t expect him to log in again with a different password. If you are deploying additional resources from outside vendors, you really need to integrate their security into your primary facility. If they can’t achieve this, I would tell them it’s a deal breaker. Don’t waste your investment on something that will not get used.