Security

11:13 AM
Connect Directly
Facebook
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

For Better Security, Keep Password Policies Simple

Password proliferation leads to bad data security habits. Here's how insurers are stemming the tide.

Agent-Focused SSO Effort

Another recent high-profile implementation of federated single sign-on in the insurance industry is SignOn Once, a joint effort of insurers, vendors, and agents through ACORD, ACT (Agents Council for Technology, a component of the Independent Insurance Agents & Brokers of America), and the Real Time/Download Campaign. Designed for independent insurance agents, the tool was developed over the past two years through an ID Federation working group so that agents who represent multiple carriers don't have to deal with dozens of passwords for the many portals they use.

"Today, from a carrier perspective, they prefer each agent has one ID and one password, but because of the pain of maintaining the passwords, some agencies will use one for the whole agency," says Jim Rogers, assistant VP of distribution technology strategy for The Hartford (Hartford, Conn.; $564 million in first-quarter 2014 earnings) and a founding member of the ID Federation. "Some very large agencies have the equivalent of a full-time person managing them."

More common were situations where agency employees shared passwords among one another on an ad hoc basis or kept insecure paper files with their many passwords in plain view on their desks. Each carrier and agency had different rules regarding suitable passwords, expiration dates, and deprovisioning of ineligible personas. It was clear, Rogers says, that something had to change. But it didn't happen overnight: Getting carriers to agree to federate IDs required lots of legal legwork. After a Trust Framework was drawn up, SignOn Once was introduced at the 2014 ACORD LOMA Insurance Systems Forum trade show.

When agents use SignOn Once, a token is created indicating that the particular ID is in use by a specific individual and passed along to the insurer. For insurers and agents alike, this goes a long way toward ensuring that the correct agency and agent are identified as making a policy sale and are appropriately compensated.

"Now you can't go to the agency next door and just sign into the carrier using your old agency credentials," Rogers says.

That's the overall goal of SignOn Once, according to Rogers: to return the user name-and-password model to its original goal of identifying who is accessing sensitive data at an insurance carrier.

"Our industry deals with a lot of sensitive information. Anything we can do to increase cyber-security and make it easier to do business is welcomed," he says. "When someone uses this, you know they're active agency employees. You can look at their security certificates. It's definitive, not separate people using the same user name and password."

Nathan Golia is senior editor of Insurance & Technology. He joined the publication in 2010 as associate editor and covers all aspects of the nexus between insurance and information technology, including mobility, distribution, core systems, customer interaction, and risk ... View Full Bio

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Jonathan_Camhi
50%
50%
Jonathan_Camhi,
User Rank: Author
6/18/2014 | 6:22:22 PM
re: For Better Security, Keep Password Policies Simple
At one of the events I recently attended someone made a good point: with so many data breaches happening right now, the whole idea of passwords and usernames and challenge questions as authentication doesn't seem to be working. Enterprises have been trying for a long time to educate customers on password best practices, but it isn't taking. Maybe biometric authentication or something else is the answer.
Kelly22
50%
50%
Kelly22,
User Rank: Author
6/13/2014 | 7:44:01 PM
re: For Better Security, Keep Password Policies Simple
Absolutely. Employees already have enough on their plates with their daily responsibilities - having to remember 12 passwords on top of that is a hassle. Single sign-on is more secure and easier to use for everyone.
Jonathan_Camhi
50%
50%
Jonathan_Camhi,
User Rank: Author
6/13/2014 | 6:47:53 PM
re: For Better Security, Keep Password Policies Simple
A lot of the investment in new analytics tools right now is going towards security, so I think that enterprises are already thinking along those lines. Have to know your customers to protect them.
KBurger
50%
50%
KBurger,
User Rank: Author
6/12/2014 | 6:59:59 PM
re: For Better Security, Keep Password Policies Simple
This shows how the consumerization trend also plays a role in security strategies -- companies have to recognize human behavior and employees' needs for simplicity and convenience.
Register for Insurance & Technology Newsletters
White Papers
Current Issue
Insurance & Technology Digital Issue
Innovation? Check. Core modernization? Check. Security? Check. Today's insurance IT challenges don't stump this year's Elite 8.
Slideshows
Video