Tech & Innovation in Healthcare

Find out if biometrics and separate keys are the wave of the future.

Clinicians have full schedules, and every minute counts when meeting with their patients. Taking time to input complex passwords for each website, electronic health record (EHR) system, or computer adds up over the course of the day, which reduces the time the providers can spend with the patients delivering care.

Learn how passwordless options could help save your healthcare organization time and improve security.

Identify Issues With Password-Centric Login Methods

“The need to manage passwords and overcome problems related to them lead[s] to massive frustration and lost productivity,” wrote Jeremiah Salzberg, chief security technologist, CDW in online analysis.

With every app, website, and networked system people are connected to, the chance for repeated passwords increases. This poses a severe risk for cybersecurity, especially for those in healthcare. Plus, relying on passwords for your healthcare organization’s systems can be costly since you’ll need to have a helpdesk specialist on staff or an outside specialist on call in the event of a password reset.

A March 2024 Keeper Security report found that 52 percent of IT teams struggle with stolen passwords that can lead to breaches. At the same time, the growth of artificial intelligence (AI) has also allowed the use of AI for malicious purposes, such as sophisticated phishing attacks and cracking passwords.

Adding two-factor authentication (2FA) or multifactor authentication (MFA) has increased security, but cybersecurity experts are leaning toward passwordless login options to further enhance their security measures.

Use Unique Identifiers

Biometric authentication, or biometrics for short, requires a biological feature to verify the user’s identity. Common biological features used are fingerprints, retinas, voices, or facial scans.

For example, certain smartphone users can hold their phone up in front of their face to unlock the phone and other smartphones have fingerprint sensors built into the touch screen so you can open your phone without typing a password or numeric code.

Biometrics are incredibly beneficial to healthcare professionals, as the identifiers are unique and hard to replicate for cyberthreat actors attempting to gain unauthorized access. Not to mention, scanning your face or fingerprint is much faster and easier than remembering and typing in complex passwords of capital and lowercase letters, numbers, and special characters several times during patient encounters (and throughout the day).

While helpful, you should also note the drawbacks of relying on biometric authentication. If you’ve set your phone or tablet up to use your fingerprint or face to unlock the device, and you’re wearing gloves or a surgical mask at the time, you may have difficulty accessing the device. However, this can be solved by also setting up voice recognition on the phone or tablet.

Approve Access From Your Phone

Another option for passwordless authentication is a push notification sent to your phone or tablet. Push notifications are the boxes that pop up on the top of your device’s screen when you receive a text message, a new email, or an update on your meal order.

This authentication technology sends a notification to your registered mobile device with information about the authentication attempt and you can then approve or deny the request. The information can include geolocation; a device identifier like the make, model, or operating system; and an IP address.

Take Advantage of Web-Based Authentication

The next step toward passwordless logins is with web-based authentication (WebAuthn). WebAuthn is an application programming interface (API) that registers users to servers and recognizes the users via public key cryptography rather than having the user input a password.

Once the user registration is complete, the user receives a credential, which is a pair of keys for access. The key pair includes one public key stored on a server and one private key that remains on a private device. The server uses the public key to verify the user’s identity.

WebAuthn is highly secure since the public key needs the private key and vice versa to provide access, and the private key is randomly generated and separate from the server, which helps make the keys safer from phishing and hacking attempts.

Could Passwordless Logins Be the Future?

Time will tell whether all healthcare practices and organizations will move to passwordless authentications, but from a security standpoint, the option appears to be gaining traction.

According to CyberArk, “Passwordless Authentication strengthens security by eliminating risky password management practices and reducing attack vectors. It also improves user experiences by eliminating password and secrets fatigue.”