Editor’s Note: Dean Wiech is the Managing Director of Tools4ever, a global provider of access management and governance solutions. Dean has worked with healthcare organizations, educational institutions, municipalities for more than 20 years, helping them identify solutions that make their businesses and operations more secure, efficient and easier to manage.
Passwords are everywhere. The headlines might tell us otherwise, but their death, and the exaggeration of such, means that they are and will continue to be used in nearly every business setting for the foreseeable future. Biometrics and other scanning devices are attempting to make a claim on the market, especially in the field of healthcare. However, if you’re a caregiver making rounds, a mechanic, a CIO, a bank teller or an employee at a manufacturer, chances are better than average that you access these systems with a user name and password, or the scan of your hand and veins.
Health systems use credentials to ensure security of the information in their systems, and to protect against unwanted access to data. As with any solution, there’s likely going to be some issues incurred with these passwords or their protocols. Many passwords must be remembered, unfortunately, and employees need help resetting them is crucial to a network’s security protocols.
A Brief History of Bad Passwords
The first passwords were created in the 1960s for MIT’s Compatible Time-Sharing System. Passwords were first used because students in the program required access the system as individual entities. Each user created a password, which were then stored on the computer system. However, program leaders soon learned that this method of storage did not work after one user who wanted more time on the computer simply printed out the passwords from the machine and logged in as a different user than himself – since each user was only granted so much time per week under their identity. Program leaders quickly found that this way of storing passwords was not practical for safety or shutting down access, and the program needed more secure methods for password usage and storage. This also was likely the first recorded data breach anywhere in the world.
Next in the timeline of passwords saw encrypted passwords, used for protecting information rather than only being a gatekeeper tool. Finally, in their latest development, businesses, organizations and individuals moved into the world of passwords relying on them for their business needs and users needed to enter credentials for each system they had to access. This created the problem of users then creating nothing but simple passwords or using the same password for each system.
Users access up to an average of 12 different systems and applications to perform their jobs, according to a Tools4ever survey, but people are only able to recall six or so passwords at any given time. If a password can’t be remembered they get written down defeating the purpose of passwords.
Passwords decrease productivity, too, I sure you know. In healthcare, 91 minutes a day are wasted on bad workflows. Caregivers log in to stations 70 times or more through any given shift, eroding the already precious 45 percent of their time that they get to spend on patient care. Single sign-on technology does automate this process – you enter your credentials once for all systems and can enter all required systems. Self-service password reset technology is probably best to increase productivity when a user is locked out. This technology means employees (no matter their role or department) can reset their own passwords with a simple online form. They correctly answer security questions and are allowed in without their needing to contact the helpdesk. This task can be done from anywhere, even the bedside of a patient.
Future of Passwords
As technology evolves we will probably see a pairing of single sign-on and self-service password reset technology with two-factor authentication or more advanced methods like biometrics. Here in the healthcare environment we’re already seeing this prediction coming true. For example, two-factor authentication can be paired with single sign-on technology so that all you need to enter is a single PIN then present your identification to a card reader to automatically gain access to all of your applications.
For additional security, two-factor authentication can be paired with biometrics (the use of an individual’s human body, like a fingerprint or veins in the hand) or other physical traits that verify a user (some biometrics technology also use human voice, retina scanning, facial recognition and fingerprints to authenticate a user). Two-factor or multiple-factor authentication means stronger security without drastically interfering with your login process.
Your employees are bound to face password issues; it’s how the passwords are handled that can effect productivity and security of your organization. Password management strategies ensure issues are minimal without hindering productivity and security, but password fatigue is a real issue and only is getting worse. You can streamline password complexity across multiple departments or throughout the entire organization by automating or using a single, simple password (through a single sign-on) and you can increase security and access with such technology. Automatic resets, too, can be achieved, certainly leading to a reduction in fatigue, especially for those caregivers who are jumping from station to station caring for patients.