Along with news from Yahoo wanting you to forget about your password altogether, I’ve noticed much more discussion this week regarding passwords and two-factor authentication.

Spotted on twitter via @DrGrumble, I discovered that someone is going through an exercise with Google Docs to survey healthcare workers about their experience of using passwords to access IT systems.

The survey is very well written and asks some basic questions regarding the use of passwords and users’ experiences with them – i.e. using, losing and re-setting them.

Some examples of the questions:

Have you ever had problems resetting your password? *
E.g. resetting when prompted only to find the new password doesn’t work, or calling IT because of failed access and wasting a lot of time getting a new password/ not being able to find the right people?

Have you ever had problems remembering your password specifically because you have so many different usernames and passwords to remember? *
E.g. having too many to remember or entering the password for one system into another system by mistake.

Recording Passwords
Have you ever recorded your passwords in order to not forget them? *
E.g. writing them down on a piece of paper or storing them on your mobile phone?

You can view the whole survey here.

There’s clearly an attempt to understand, at least from a qualitative point of view, the effect that all of this is having on patient [data] safety and users’ productivity and therefore the cost of maintaining the status quo [i.e. password usage].

The results will be very interesting but I certainly expect them to confirm the many previous examples of such surveys and research done over the past decade or so.

  • Of course it’s difficult to remember passwords
  • The problem only gets worse if you have many passwords for many systems
  • It gets worse still if you force people to change passwords often
  • To make people remember “complex” passwords adds to the problem
  • Many of us re-use passwords across multiple sites (even I do)
  • Many of us are forced to write passwords down in an attempt to remember or use them*
  • We’re all frustrated and angered about the issue, why doesn’t anyone do anything about it!
  • We have password overload!

Yet Another 2FA System

In a previous blog, I presented my frustration over the fact that there was a very similar set of problems looming as websites and services introduce their own special form of Two Factor Authentication (2FA) or One Time Password (OTP) solution. Even this weekend I learned that Yahoo was about to launch their own OTP system.

We don’t need any more systems! We do need federation of passwords and 2FA/OTP platforms. With the introduction of cloud based applications such as Microsoft’s Office 365 and the need to mix authentication to these together with our more traditional on-premise solutions and locally hosted directory services; the need for federated 2FA solutions is imperative.

SafeNet Authentication Service

SafeNet Authentication Service is a cloud based two factor authentication system that works with and integrates on-premise directory services and authentication with 3rd party cloud based applications such as Office 365 and Salesforce or Google Apps.

SAS-diagram-protect-everything

If you’d like to know more about SafeNet Authentication Service (SAS), then please get in touch, or please register for one of our IT Security Workshops using the button below.

  • I’ve nothing but praise for Robert and the team and despite their long trading history have seen how they have maintained a strong, exciting and invigorating culture of success within their business which, for me, having had 20 years in application development is often more important than pure technical capability as it’s this consultative and empathetic approach which extracts the requirements from non-IT staff to enable Ecommnet to design and deliver a stronger better product.

    — Jason R Wilkinson, Head of Business Transformation, Westfield Health
  • During our 2FA POC and subsequent move to live system, Ecommnet provided a very attentive and responsive support service whenever we encountered problems.  Using the team’s web support portal to raise support calls and requests for changes results in a fast response and provision of support ranging from phone support, through remote console access to site visits as required. Due to the implementation of the 2FA system we now have secure remote access to internal resources while ensuring security compliance.

    — Allen Haigherty, Technical Support Officer, Kirklees Council
  • With the team’s help I was able to get the OTP authentication set up in time for our PCI audit. I just want to say I was very impressed with the level of service and the responsiveness, and the fact they were able to help us out under incredibly tight timescales speaks volumes.

    — Robin Whitehead, Technical Director, Iridium Corporation
  • Robert and the team were excellent, they qualified our environment quickly, were very strong on integrating security and mobile environments and the pilot went in easily. It was nice to deal with a company that was more than just a reseller, they truly believed in the solution and it was a great win for us to find their set of skills just down the road.

    — Steve Watchman, IT Executive, Newcastle Building Society
  • Ecommnet was able to create and deliver an all-new website that has in a short space of time received many compliments and generated enquiries. The team is accessible, helpful and responsive and have removed the ‘pain’ of IT. We were so pleased that they’re now entrusted to look after all our IT infrastructure.

    — Nick Bailey, Director, Elan PR
  • After 6 weeks of implementation issues with a competitive product, Ecommnet were a breath of fresh air, helping us out of a very tricky situation with a great solution in just two days. What a fantastic team; extremely helpful, technically competent and able to deliver.

    — John Clayton, Network Consultant, Kirklees Council
  • Ecommnet has proved an invaluable partner, especially when developing technology solutions to loosely defined business ideas. They bring a diverse range of ideas from their work to produce innovative approaches to solving problems. They will back their ingenuity by sharing in the risk of developing solutions, and having proved a concept will ensure the same team work with you to create a fully fledged product.

    — Michael Bennett, Director, Charles Stanley & Co Ltd