Industry Insights with Michael Magrath

Authentication , Biometrics , CISO

Multifactor Authentication - A Key Component of the "STOP. THINK. CONNECT." Initiative By Michael Magrath @ VASCO
Multifactor Authentication - A Key Component of the "STOP. THINK. CONNECT." Initiative

Too often security experts and security companies focus on the business to business (B2B) or business to government markets (B2G). STOP. THINK. CONNECT.™ is the global online safety awareness campaign to help all digital citizens stay safer and more secure online addressing the consumer.

Last month, the White House and the National Cyber Security Alliance (NCSA) launched "Lock Down Your Login," a STOP. THINK. CONNECT.™ Initiative. "We were basically approached by the White House. The president wanted to do something on online security education and awareness, and the White House thought strong authentication was an important point to stress," Michael Kaiser, the NCSA's executive director, told CBS News.

Fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your mobile device. Your usernames and passwords are not enough to protect key accounts like email, banking and social media. 

Kaiser said the "Lock Down Your Login" campaign will urge consumers and businesses alike to be more cognizant of the security threats posed by traditional username-password combinations that many cybersecurity experts see as behind the times in the face of increasingly sophisticated and widespread hacks. The NCSA reports that an incredibly high 72 percent of all Americans believe that their accounts are already secure with just a username and password."

Click here to read article.

"Lock Down Your Login" recommends that you as consumer "fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your mobile device. Your usernames and passwords are not enough to protect key accounts like email, banking and social media." I would also add healthcare records to that list given the personal nature of health information and the wealth of personally identifiable information they contain.

On October 4, the Healthcare Information and Management Systems Society (HIMSS) North America and the NCSA released "2016 Practical Tips on Safeguarding Information for Healthcare Organizations". Among the tips, "Use multi-factor authentication". Use two different factors of something you know, have, and are.

The HIMSS/NCSA tip sheet supports HHS's Office of the National Coordinator for Health IT's (ONC) strategic roadmap milestone of "Verifiable Identity and Authentication of All Participants" calling for strong authentication to access patient portals in lieu of passwords to reduce vulnerabilities in identity theft and for health care organizations to implemented identity-proofing and authentication best practices.

Earlier this year the HIMSS Identity Management Task Force, which I chair, published identity proofing and authentication recommendations for patients accessing their health information electronically. Included in the guidance are discussions about how to conduct identity-proofing and authentication at a high level of confidence, with the smartphone as the key use case, how to handle delegating access to patient information and addressing situations where a user would like to remain anonymous.

Virtually every industry is prone to cyberattacks, online fraud and identity theft. For years banks have secured online transactions for commercial accounts and private banking customers via multifactor authentication. Now through organizations like the NCSA and HIMSS, multifactor authentication may finally become mainstream in industries including healthcare, personal banking, e-commerce, education and online gaming. Having the White House lead the charge can't hurt.



About the Author

Michael Magrath

Michael Magrath

Director of Business Development, VASCO Data Security

Magrath is a nationally recognized leader in field of healthcare identity management. A frequent speaker and thought leader, he is an active member of the Identity Ecosystem Steering Group (IDESG) established in response to the Obama Administration's National Strategy for Trusted Identities in Cyberspace (NSTIC) and participates on IDESG's Healthcare Committee and is a member of HIMSS' Identity Management Task Force. He previously served as Chairman of the Smart Card Alliance's Health & Human Services Council from 2010-2014 where he spearheaded workgroup initiatives to stimulate the understanding, adoption, use and widespread application of smart card technology in healthcare. Currently, Magrath leads the healthcare business group at VASCO Data Security. Prior to VASCO, he served as Director for Identity Solutions for DrFirst and focused on streamlining and securing the identity management process for healthcare providers nationwide and increasing the adoption of electronically prescribing controlled substances (EPCS).




Around the Network