FB pixel

Passwordless authentication for healthcare possible with biometrics: Imprivata

White paper from new FIDO member outlines maturity framework for path to passwordless
Passwordless authentication for healthcare possible with biometrics: Imprivata
 

Imprivata has published a new white paper on how to navigate “the journey to passwordless for healthcare,” covering passwordless authentication in the healthcare sector. Healthcare organizations, it says, face “unique obstacles related to shared mobile devices and workstations, clinical workflows, plus legacy apps, which make achieving full passwordless a challenge.”

“While all industries contend with cybersecurity threats, healthcare is among the most-targeted industries, due in large part to the criticality of patient care, as well as the perceived value of personal health information (PHI).” And passwords are “the weakest link.”

Yet passwords are pesky, in that they are so deeply embedded in complex systems. To succeed, any alternative must be at least as easy and efficient as passwords. But generic authentication solutions can’t account for the complexities of healthcare infrastructure.

The white paper breaks down the arguments in favor of phasing out passwords. In short, they are far too phishable. Passwordless authentication reduces credential sharing and attack surfaces. Operationally, it can improve end user experience and reduce costs.

Diverse workflows, liveness detection key considerations

But there are conditions that must be met to successfully deploy passwordless authentication for healthcare use cases. Different devices and workflows have different authentication criteria and each case should be considered for its specifics. A shared clinical workstation does not have the same authentication options as, for instance, a shared mobile device.

Design-wise, “simplicity prevails over complexity.” It is crucial that clinicians are always able to authenticate quickly and easily when they need to. The solution must also be secure.

Biometrics offers a secure and efficient “something you are” identification factor for multi-factor authentication (MFA), the paper says. “For clinicians, centralized biometrics are a commonly-selected option, as this modality allows users to enroll once and then use the enrollment across devices. Biometric enrollments can be centralized or stored on the local authenticator.” They work well on mobile phones and other mobile devices and require minimal user interaction.

However, says Imprivata, “the security of facial biometrics cannot rely solely on the possession of a biometrics secret, since obtaining a picture of a user is easy for an attacker. Instead, Presentation Attack Detection (PAD), also called liveness detection, is needed to ensure that an authentic person is in front of the camera, and not a photo, video, or someone wearing a silicone mask.”

Imprivata outlines framework for passwordless maturity

Acknowledging the impracticality of trying to go cold turkey on passwords, Imprivata has developed a framework that denotes stages of maturity on the journey to fully password-free authentication, from Level 0 (“Passwords everywhere”) to Level 4 (“Passwords no longer exist in any systems”). Most healthcare organizations, says the paper, are at Level 1: tap-and-go has reduced password use, but reliance on passwords still means a phishable attack surface.

Yet the transition requires a surgeon’s gentle touch and precision. “Change management while rolling out passwordless with frequent input from stakeholders – especially clinicians – is key to success.”

Imprivata now a sponsor member of FIDO Alliance

No group loves passwordless authentication more than the FIDO Alliance, so it tracks that Imprivata has sought and obtained membership in FIDO. In a press release, Andrew Shikiar, executive director and CEO of the FIDO Alliance, says Imprivata’s expertise in healthcare and other mission-critical industries will support FIDO’s mission to “advance a global commitment to open industry standards for strong authentication.”

Related Posts

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News

 

World puzzled by lack of public trust in massive technology corporations

Sam Altman and Alex Blania, figureheads and evangelists for cryptically related firms World and Tools for Humanity, recently spoke at…

 

Milwaukee police debate trading biometric data for Biometrica facial recognition

Although it has pledged to seek public consultation before signing a contract with a biometrics provider, the Milwaukee Police Department…

 

Italian regulator holds out hopes to collect fine from Clearview AI

Italy data protection regulator, the Garante, has not given up on collecting the millions of euros in fines it imposed…

 

Vietnam’s major telcos join GSMA ID verification, fraud prevention initiative

Vietnam’s largest mobile network operators, Mobifone, Viettel and VNPT, have signed up to fight online fraud and enhance identity verification…

 

Ethiopia pilots platform to facilitate access to govt services using Fayda digital ID

The federal government of Ethiopia has launched the trial of a platform dubbed “Mesob” that will make access to digital…

 

Irish politicians clash over regulation allowing police use of facial recognition

Work on drafting the legislation that would allow Irish police forces to use facial recognition is “well advanced,” according to…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Market Analysis

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events