Sep 27 2022

5 Questions About a Passwordless World in Healthcare

As approaches to cybersecurity evolve, organizations look beyond the password.

Are you ready for a world without passwords? Earlier this year, tech giants Google, Apple and Microsoft announced efforts to support passwordless sign-in standards set by the FIDO Alliance and the World Wide Web Consortium. Organizations intrigued by this future should consider these five questions about passwordless workflows:

1. Why Is Password-Only Authentication a Security Risk?

Qwerty. 12345. Password. Many people aren’t good at coming up with strong passwords, and even more may reuse passwords across multiple services. Hackers can crack passwords by brute force. But the biggest risk with password-only authentication is that it relies on a single factor. Two-factor authentication resolves this with a second layer of defense, forcing users to confirm both something they know (a password) and something they have, such as a cellphone.


2. How Does Password Spraying Work?

Attackers repeatedly attempt to compromise password-only accounts, especially those on internet-exposed services. They’ll use a list of common usernames and passwords in hopes of finding a match. Then they will “hope and spray” millions of passwords to try to find one that works.
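
One way to spot the pattern described above in authentication logs, as an added example that is not part of the original article: flag any source that fails to log in to many different accounts within a short window, and list the accounts it did get into. The log format, addresses, usernames and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): timestamp, source IP, user, result
SAMPLE_LOG = """\
2022-09-27T08:00:01 203.0.113.7 asmith FAIL
2022-09-27T08:00:09 203.0.113.7 bjones FAIL
2022-09-27T08:00:17 203.0.113.7 cnguyen FAIL
2022-09-27T08:00:26 203.0.113.7 dpatel FAIL
2022-09-27T08:00:34 203.0.113.7 elee FAIL
2022-09-27T08:00:41 203.0.113.7 fgarcia OK
2022-09-27T08:03:00 198.51.100.20 nurse01 FAIL
2022-09-27T08:03:20 198.51.100.20 nurse01 FAIL
2022-09-27T08:03:45 198.51.100.20 nurse01 FAIL
2022-09-27T08:04:10 198.51.100.20 nurse01 OK
2022-09-27T09:00:00 192.0.2.15 asmith FAIL
2022-09-27T10:00:00 192.0.2.15 bjones FAIL
2022-09-27T11:00:00 192.0.2.15 cnguyen FAIL
2022-09-27T12:00:00 192.0.2.15 dpatel FAIL
2022-09-27T13:00:00 192.0.2.15 elee FAIL
"""

def detect_spraying(log, window=timedelta(minutes=10), min_users=5):
    """Map each spraying source IP to the accounts it also logged in to."""
    fails, wins = defaultdict(list), defaultdict(set)
    for line in log.strip().splitlines():
        ts, ip, user, result = line.split()
        if result == "FAIL":
            fails[ip].append((datetime.fromisoformat(ts), user))
        else:
            wins[ip].add(user)
    findings = {}
    for ip, events in fails.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` of time
            while events[end][0] - events[start][0] > window:
                start += 1
            targeted = {user for _, user in events[start:end + 1]}
            # Spraying signature: one source failing against many accounts
            if len(targeted) >= min_users:
                findings[ip] = sorted(wins[ip])  # review these accounts first
                break
    return findings

if __name__ == "__main__":
    print(detect_spraying(SAMPLE_LOG))
```

With the default 10-minute window only 203.0.113.7 is flagged; the single user who mistyped a password three times is not, and the hourly attempts from 192.0.2.15 only surface when the window is widened.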

3. How Can an Organization Start to Prepare for a Passwordless World?

At a minimum, ensure two-factor authentication is in place. Reaching that level of authentication will require you to set up the necessary infrastructure and learn more about passwordless authentication. You can also learn about industry standards such as Trusted Platform Module (TPM) and FIDO, which set forth strategies for replacing passwords.


4. What Is a Passkey, and How Does It Work?

A passkey is typically a PIN that’s part of public-private key cryptography. It’s a private key that unlocks an account secured by a public key. A public key cryptographically linked to the private key is then verified, providing secure passwordless authentication.

5. What Are Healthcare's Concerns About Passwordless Workflows?

Healthcare organizations are subject to strict regulations such as HIPAA. Organizations embarking on this journey must ensure they follow all HIPAA requirements to protect patient health information. Healthcare facilities also have a massive attack surface, with thousands of connected medical devices used by clinicians. Roaming devices are a key concern because of the need for providers to reauthenticate themselves. A proper training program is critical for a successful passwordless system rollout.
