Recent Ransomware attacks highlight the need to move beyond just usernames and passwords
The recent successful ransomware attacks against hospitals demonstrate how two-factor authentication technologies could strengthen security postures, at least according to security vendors.
Boroditsky and George Brostoff, co-founder and CEO of SensibleVision, a multi-factor authentication security vendor that specializes in facial recognition technology, said that many healthcare organizations still rely on usernames and passwords alone.
Two factor authentication, by its very nature, is a stronger way of safeguarding networks, systems and sensitive health data. So, for example, in addition to “something you know,” which would be a username and password, a user would be required to provide “something you are,” a biometric measure like a fingerprint, for instance, or “something you have,” like a token. That makes it much more difficult for a cybercriminal who can get past a username and password to gain access.
In healthcare, workstations are key as this is where two-factor authentication comes in. The devices we access are the front doors to the house, and two-factor authentication creates a transparent and powerful lock for those front doors.
The most common form of two-factor authentication today is sending a code via voice call, text message or e-mail to a user, who then enters the code where indicated. This is on top of a username and password, the first of the two factors of authentication. Authy then sends out these second-factor codes via mobile push notification. When first signing in using the facial recognition technology, which is the first factor of authentication, the system that first time asks the user to complete a challenge, which is the second factor of authentication.
Critics of two-factor authentication say adding another factor to the security equation harms the user experience, adding a layer of security that gets in the way of a user. Two-factor authentication proponents have a simple answer for that critique. Two-factor authentication does hurt the system user experience but security is not intended to be convenient. Where the world is today online, the sort of free-wheeling experience of decades ago is no longer possible for us to be able to conduct every aspect of our lives online without the expectation to take the extra step or two to protect online activities.
Source | Healthcare IT News
