FB pixel

Passwordless authentication for healthcare possible with biometrics: Imprivata

White paper from new FIDO member outlines maturity framework for path to passwordless
Passwordless authentication for healthcare possible with biometrics: Imprivata
 

Imprivata has published a new white paper on how to navigate “the journey to passwordless for healthcare,” covering passwordless authentication in the healthcare sector. Healthcare organizations, it says, face “unique obstacles related to shared mobile devices and workstations, clinical workflows, plus legacy apps, which make achieving full passwordless a challenge.”

“While all industries contend with cybersecurity threats, healthcare is among the most-targeted industries, due in large part to the criticality of patient care, as well as the perceived value of personal health information (PHI).” And passwords are “the weakest link.”

Yet passwords are pesky, in that they are so deeply embedded in complex systems. To succeed, any alternative must be at least as easy and efficient as passwords. But generic authentication solutions can’t account for the complexities of healthcare infrastructure.

The white paper breaks down the arguments in favor of phasing out passwords. In short, they are far too phishable. Passwordless authentication reduces credential sharing and attack surfaces. Operationally, it can improve end user experience and reduce costs.

Diverse workflows, liveness detection key considerations

But there are conditions that must be met to successfully deploy passwordless authentication for healthcare use cases. Different devices and workflows have different authentication criteria and each case should be considered for its specifics. A shared clinical workstation does not have the same authentication options as, for instance, a shared mobile device.

Design-wise, “simplicity prevails over complexity.” It is crucial that clinicians are always able to authenticate quickly and easily when they need to. The solution must also be secure.

Biometrics offers a secure and efficient “something you are” identification factor for multi-factor authentication (MFA), the paper says. “For clinicians, centralized biometrics are a commonly-selected option, as this modality allows users to enroll once and then use the enrollment across devices. Biometric enrollments can be centralized or stored on the local authenticator.” They work well on mobile phones and other mobile devices and require minimal user interaction.

However, says Imprivata, “the security of facial biometrics cannot rely solely on the possession of a biometrics secret, since obtaining a picture of a user is easy for an attacker. Instead, Presentation Attack Detection (PAD), also called liveness detection, is needed to ensure that an authentic person is in front of the camera, and not a photo, video, or someone wearing a silicone mask.”

Imprivata outlines framework for passwordless maturity

Acknowledging the impracticality of trying to go cold turkey on passwords, Imprivata has developed a framework that denotes stages of maturity on the journey to fully password-free authentication, from Level 0 (“Passwords everywhere”) to Level 4 (“Passwords no longer exist in any systems”). Most healthcare organizations, says the paper, are at Level 1: tap-and-go has reduced password use, but reliance on passwords still means a phishable attack surface.

Yet the transition requires a surgeon’s gentle touch and precision. “Change management while rolling out passwordless with frequent input from stakeholders – especially clinicians – is key to success.”

Imprivata now a sponsor member of FIDO Alliance

No group loves passwordless authentication more than the FIDO Alliance, so it tracks that Imprivata has sought and obtained membership in FIDO. In a press release, Andrew Shikiar, executive director and CEO of the FIDO Alliance, says Imprivata’s expertise in healthcare and other mission-critical industries will support FIDO’s mission to “advance a global commitment to open industry standards for strong authentication.”

Related Posts

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News

 

Liquid identity verifications surge past 60M as Japan leans into chip-scanning

Liquid has reached the 60 million digital identity verification milestone with its online KYC service, with a surge in verifications…

 

Car dealerships rev up digital ID verification to counter rise in identity fraud

Whether it’s a fake credit history, a phony license or a test driver with a stolen identity who makes tracks…

 

GovTech to deliver $10 trillion in value by 2034, says WEF

At the meeting of the World Economic Forum (WEF) in Davos this week, tech is front and center – and…

 

Davos discusses digital wallets, AI economy

This year’s Davos World Economic Forum (WEF) is bringing not only tense trade talks between the U.S. and Europe but…

 

ASEAN updates guidance on deepfakes

The threat of deepfakes is entering high-level discussions from Southeast Asia to Davos. The Association of Southeast Asian Nations (ASEAN)…

 

Philippines faces 36 million backlog in ID cards

The Philippines are still facing a 36 million backlog in distributing the country’s national ID cards which will need additional…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events