As more organizations add two-factor authentication to their web applications, the reactions are coming in. Alongside appreciation for the stronger authentication mechanisms come various criticisms of the approach, ranging from resistance because it holds up workflow to reminders that even the most hardened of locks can still be picked. While the two-factor trend continues to expand, staggering numbers of organizations continue to ignore the solution, as we’ve continually reported on this blog, and these accounts may shed some light on the reasons for their resistance.
MedAllie’s A. John Blair, MD, is one who expressed disinterest in implementing two-factor authentication within EHR (Electronic Health Records) security at the Health IT Policy Committee in January. Citing concerns over productivity, Blair sees the additional security factors as a workflow obstacle and states that clinical workflow should be the topmost priority when evaluating the system’s security:
“If the provider honestly believes these enhancements will improve care and efficiency–and particularly if they are indirectly tied to increased reimbursements for improved health care value–interoperability will advance rapidly. If the providers do not believe this, nothing else we do here will make much of a difference in the long run.”
Blair’s point is certainly a valid one, though prioritizing accessibility of sensitive patient data over ensuring its security is surely a conflict of interests, and so a question whose right or wrong answers are purely situational. In this case, as in many, the need for security might not be apparent until data becomes compromised.
In another article, Mark Risher, CEO and co-founder of Impermium, a vendor of digital fingerprinting software, lays out his reasons why two-factor authentication is not the be-all and end-all measure for securing data that it’s being made out to be. He feels that “service providers need to take on more of the responsibility for securing a consumer’s information online, utilizing similar proactive monitoring and not expecting [two-factor] perimeter defenses to suffice”. While multi-factor approaches certainly enhance security, he states, more must still be done to guard against hack attacks.
Risher’s suggestion is a sort of ‘virtual police’, in the form of learning algorithms that, much like actual policemen, can track and intelligently identify suspicious behavior. His description largely resembles contextual authentication, which may prove to be the heightened level of security over two-factor that some are looking for.
Read More – Physician sees two-factor authentication as efficiency barrier
Read More – Why two-factor authentication isn’t a cure-all