Along with news from Yahoo wanting you to forget about your password altogether, I’ve noticed much more discussion this week regarding passwords and two-factor authentication.
Via @DrGrumble on Twitter, I discovered that someone is running an exercise in Google Docs to survey healthcare workers about their experience of using passwords to access IT systems.
The survey is very well written and asks some basic questions about the use of passwords and users’ experiences with them, i.e. using, losing and resetting them.
Some examples of the questions:
Have you ever had problems resetting your password?
E.g. resetting when prompted only to find the new password doesn’t work, or calling IT because of failed access and wasting a lot of time getting a new password/not being able to find the right people?
Have you ever had problems remembering your password specifically because you have so many different usernames and passwords to remember?
E.g. having too many to remember or entering the password for one system into another system by mistake.
Have you ever recorded your passwords in order to not forget them?
E.g. writing them down on a piece of paper or storing them on your mobile phone?
There’s clearly an attempt to understand, at least from a qualitative point of view, the effect that all of this is having on patient [data] safety and users’ productivity and therefore the cost of maintaining the status quo [i.e. password usage].
The results will be very interesting, but I certainly expect them to confirm the many previous surveys and research done over the past decade or so:
- Of course it’s difficult to remember passwords
- The problem only gets worse if you have many passwords for many systems
- It gets worse still if you force people to change passwords often
- To make people remember “complex” passwords adds to the problem
- Many of us re-use passwords across multiple sites (even I do)
- Many of us are forced to write passwords down in an attempt to remember or use them*
- We’re all frustrated and angered about the issue: why doesn’t anyone do anything about it?
- We have password overload!
Yet Another 2FA System
In a previous blog, I presented my frustration that a very similar set of problems was looming as websites and services introduce their own special form of Two-Factor Authentication (2FA) or One-Time Password (OTP) solution. Even this weekend I learned that Yahoo was about to launch their own OTP system.
We don’t need any more systems! We do need federation of passwords and 2FA/OTP platforms. With the introduction of cloud-based applications such as Microsoft’s Office 365, and the need to combine authentication to these with our more traditional on-premise solutions and locally hosted directory services, federated 2FA solutions are imperative.
SafeNet Authentication Service
SafeNet Authentication Service is a cloud-based two-factor authentication system that integrates on-premise directory services and authentication with third-party cloud-based applications such as Office 365, Salesforce or Google Apps.
If you’d like to know more about SafeNet Authentication Service (SAS), then please get in touch, or register for one of our IT Security Workshops.