So ... your Jetnet password is "Fluffy" — your dog's name.

To access your payroll statements, you use your mother's maiden name.

To use the Non-Rev Travel Planner, it's your SABRE password — the name of your favorite sports team.

And it's easy to remember all these passwords because they're written neatly on a card taped to your computer monitor.

"I get heartburn just thinking about it," says IT Security Coordinator Gary Meech. "Fortunately, we've been able to take steps to solve the 'multiple password' problem and keep our corporate information secure."

According to Maya Leibman, managing director, employee technology, "We've received thousands of comments about Jetnet in the past year, and by far — it's not even close — the most common has been 'there are too many passwords.' Single Sign-On addresses that."

"Single Sign-On" (SSO), says Meech, means providing one single network identity for each employee. More practically, explains Leibman, "SSO means when you sign on to Jetnet, you don't have to sign on again when you want to use the NRTP or ePays."

Based on employee feedback, there were three primary SSO targets. The first was benefits information, formerly known as "PeopleLink," which was addressed in March. The second, the Non-Rev Travel Planner, was implemented in November. Finally, ePays SSO for domestic payroll arrived in early December.

"Obviously, we're pleased that we were able to respond to employees and meet all three of these goals," says Leibman. "But we have more to do, and we're doing it."

Next on the docket for SSO are department-specific sites. As a test case, aaflightservice.com has already been successfully integrated into Jetnet. "Flight Service employees can now log on to either site and immediately have access to both," says Leibman.

But the convenience of SSO also means additional responsibility for employees, warns Meech. Using obvious passwords, writing them down, sharing them — these practices will have to stop for SSO to be a truly secure process.

"The same concept applies if you leave your house without locking it," says Meech. "As a responsible person, you choose to lock your doors. Passwords 'lock your online doors.' No technology can protect us from ourselves." In some instances, employees may be tempted to share their password with a trusted co-worker. "Of course, that's never happened here, since it violates corporate policy," says Meech with a perfectly straight face.

Because many employees access Jetnet from public or shared computers such as Jetsets, an extra layer of security remains — an automatic timeout after 15 minutes of inactivity.

"We're trying to balance security with convenience," says Leibman. "Just like we're doing for our customers in the airports."