Over 60% of data breaches can be traced to weak credentials. Employees reuse passwords or create ones that are easy to remember. Many employees add a number to their passwords and increment it each time they are forced to make a password change. These practices make it easy for hackers to gain access to a network. That’s why many dental practices are moving to two-factor authentication (2FA) to protect their network.
What is 2FA?
2FA or two-factor authentication is a form of security requiring two different types of identification to access online accounts or resources. Two-factor authentication provides a higher level of security than authentication methods that depend on single-factor authentication (SFA), in which the user provides only one factor -- typically, a password or passcode. Two-factor authentication methods rely on a user providing a password as the first factor and a second, different factor -- usually either a security token or a biometric factor, such as a fingerprint or facial scan.
Two-factor authentication adds a layer of security to the authentication process by making it harder for attackers to gain access to a person's devices or online accounts. Even if the victim's password is compromised, a password alone is not enough to pass the authentication check.
Why is 2FA for Dental Practices Important?
Two-factor authentication provides dental practices with increased security from cyberattacks and data breaches. Once implemented, the process can save time, money, and frustration from forgotten passwords and never-ending password changes. 2FA is an effective way to protect against many security threats that target patient data and user accounts, such as phishing, brute-force attacks, credential exploitation, and more.
Let’s say you use a username and password to complete primary authentication to an application like Dentrix. That information is sent over the Internet (your primary network). You’ll want to use a different (out-of-band) channel to complete your second factor. Approving a push notification sent over your mobile network is an example of out-of-band authentication. So why does this matter? If a remote attacker can tap into your computer via your Internet connection, they can steal both your password and your second form of authentication if both are delivered over the same channel.
Without your physical device, remote attackers can’t pretend to be you to gain unauthorized access to the corporate networks, cloud storage, financial information, and other data held in your applications.
What are the Factors of Authentication?
Factors are the pieces of information a user can provide to verify their identity. 2FA is the most commonly used, but there are, in fact, multiple factors of authentication used by security professionals today. Dental practices can choose the methods that best fit their culture. Practices can choose from such methods as:
The knowledge factor verifies identity by requesting information only an individual user would know. The most common example of a knowledge factor of authentication is a password. A user’s password should be known only to them, allowing them to use it as a method to confirm their identity.
Inherence factors of authentication verify the identity of a user by using attributes that would belong only to that user. Fingerprint scanning is the most obvious inherence factor used today.
Fingerprints are unique to individuals, so many organizations use them as a way to confirm who their users are. In addition to fingerprints, many other inherence factors are used today: voice, handprints, face recognition, and more.
Location factors of authentication confirm the identity of a user based on their location in the world. If a user has registered an account in one country, for example, and suddenly there are login attempts from another, location factors could trigger an attempt to verify the identity of the new user. Many location factors are based on the IP address of the original user and compare that address to the one used in the new attempt to access information.
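To illustrate the location factor described above, this added Python example (not code from the original article or from any product it mentions) compares the country of a new login's IP address with the country recorded at enrollment and asks for extra verification on a mismatch. The country table, the addresses, and the function names are constructed assumptions; a real deployment would query a GeoIP database.

```python
import ipaddress

# Constructed lookup table (assumption): RFC 5737 documentation ranges mapped
# to made-up countries. It stands in for a real GeoIP database.
GEO_TABLE = {
    ipaddress.ip_network("192.0.2.0/24"): "US",
    ipaddress.ip_network("198.51.100.0/24"): "US",
    ipaddress.ip_network("203.0.113.0/24"): "BR",
}

def country_of(ip):
    """Return the country code for an IP string, or None if unknown or malformed."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    for net, country in GEO_TABLE.items():
        if addr in net:
            return country
    return None

def location_check(enrolled_ip, login_ip):
    """Return "allow" if the login comes from the enrolled country,
    otherwise "step_up" (ask the user for additional verification)."""
    enrolled = country_of(enrolled_ip)
    current = country_of(login_ip)
    # Fail closed: a location that cannot be resolved counts as a mismatch.
    if enrolled is None or current is None:
        return "step_up"
    return "allow" if enrolled == current else "step_up"

# Constructed login attempts for a user who enrolled from 192.0.2.10.
ATTEMPTS = ["192.0.2.77", "198.51.100.5", "203.0.113.9", "10.1.2.3", "not-an-ip"]

def evaluate(enrolled_ip, attempts):
    """Pair each attempted source IP with the decision for it."""
    return [(ip, location_check(enrolled_ip, ip)) for ip in attempts]

if __name__ == "__main__":
    for ip, decision in evaluate("192.0.2.10", ATTEMPTS):
        print(f"{ip:15} -> {decision}")
```

A different address in the same country is allowed, while a different country, an unmapped address, or a malformed value all lead to a request for further verification rather than an outright block.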
Regardless of the method, 2FA implementation improves cybersecurity without losing flexibility.
HIPAA requires that electronic patient records be restricted on a need-to-know basis. With 2FA, authentication can be tied to access, making sure that only authorized individuals can access patient information. It simplifies control of patient information because access restrictions are put into place when the user logs in.
Given the recent cyber attacks, dental practices should strengthen their security posture, beginning with user authentication. If you are interested in using 2FA in your practice, contact Pact-One Solutions to discuss how to get started. We specialize in delivering solutions to the dental industry.
Content provided by: Carlo Sanchez | Pact-One Technical Service Engineer