August 11, 2021 Business Resources

Securing Your Accounts beyond Just a Password

Many online accounts now require additional authentication beyond just a password. Financial institutions, credit cards, and even email providers ask users to input a short code when you access your data on their websites. This code is typically sent to you via text, email, phone call, or generated by an app.

This is called Multi-Factor Authentication (MFA). MFA requires you to have two different types of authentication factors. These types would need to be from two different categories which include:

  • Something you know. This is the common password that we are all familiar with.
  • Something you have. This is often a separate email account, cellphone, keycard, USB stick, or time-based one-time password (TOTP) application (Google Authenticator, Microsoft Authenticator, etc.).
  • Something you are. Fingerprints are the most common, but iris scans, voiceprints, and other items may be used under certain circumstances.
  • Someplace you are. Systems may require physical proximity or GPS verified coordinates.

The increased use of MFA on the internet is in response to both the amount of data that we store online as well as how cybercriminals try to access this data. According to the 2021 Verizon Data Breach Investigation Report, more than 80% of all hacking incidents stem from the usage of lost, stolen, or guessed passwords. More than 15 billion stolen credentials have been catalogued and are available in various forms on the web. Relying on only a password is not enough to stop these types of attacks on your data.

How Can MFA Help?

MFA helps to address this risk. If someone obtains your password for a website or guesses it, they will still need a second factor such as a cellphone or fingerprint to gain access. If someone has access to your cellphone, they will still need that password which only you know to gain access. The combination of these two separate types of factors greatly reduces the risk of account takeover.

What is CDPHP Doing?

In response to these threats, CDPHP is enhancing the MFA options available to our members by adding the options of code via text and app to our existing option of email. Allowing for these various options when accessing your data on CDPHP.com will allow each of you to choose the option that best fits your lifestyle and comfort level, while providing a higher level of protection to your data.

Soon, when you access your CDPHP online member account, you will be walked through a process to choose the MFA option of your choice. This simple, one-time enrollment process will then give you added protection for your data which you have entrusted CDPHP with. Following that enrollment, when accessing your data from a new device or from a device we haven’t seen in some time, you will be asked to provide the additional factor once you enter your password so we can know it is really you.

We look forward to extending this new feature to all of our valued members to better protect you and your health care data from the evolving internet threats.

Jason Baczynski
About Author

Jason joined CDPHP in 2010 and currently serves as the Vice President of Security Assurance and Control. In this role, he works to ensure that CDPHP remains protected against threats to the confidentiality, integrity, and availability of CDPHP systems and data. He holds CISSP, CISM, and CDPSE certifications and won the CISM Worldwide Excellence Award from ISACA in 2014.

Leave a Reply

Before leaving a comment, please read the comment policy.

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Related stories that you might enjoy next...