Security moves away from passwords
Increases in cyber crimes and in the number of accounts staff need to log into have brought about the need to upgrade traditional password security. In the past, the trend was to ask staff to update their password every 90 days with a new eight-character-long collection of numbers, symbols, lowercase and uppercase letters. It is no wonder that our security assessments would find post-it notes under keyboards with “Burrito1” scratched out and “Burrito2” below it.
Enter two-factor authentication, also known as 2FA, which aims to increase security as well as make office life a little easier. The two factors are chosen from a possible three: what you know, what you have, and what you are.
“What you know” refers to knowledge and is usually represented by passwords, passphrases, or PINs. The latest trend has been towards passphrases (“universal red line subway”) instead of complex passwords (fp7RtA&3%q), yet with the move to 2FA we should see the password shrink to an easier-to-remember PIN.
“What you have” is probably going to be the one thing you’re never without, even in the bathroom: your phone. This factor leverages SMS text messaging or an app on your phone that will give you a one-time password (OTP) for you to enter when prompted.
Lastly, “what you are” consists of physical aspects of your person, such as your fingerprint or, as with Windows’ new Hello security feature, your face, which the computer scans to verify your identity.
While this might seem like a pain in the neck, it is a lot better than exposing your private photos, emails, and bank account to the bad guys. It is a whole lot better than the ePHI breaches we’re seeing more and more in the news. Not until those responsible for protecting their patients’ security, and those of us charged with making it easier for them to accomplish this, start taking this to heart will we start to turn the tide on this wave of cyber-thefts and patient data being held for ransom.
If you would like to learn more about how your practice can take advantage of two-factor authentication security, please reach out to us.