Institute:Office of National Coordinator (ONC) Workforce Training Curriculum
Component:The Culture of Health Care
Unit:Privacy, Confidentiality, and Security
Lecture:Tools for protecting privacy and confidentiality
Slide content:Some Challenges with Passwords Common approach to security is password aging (i.e., expiration), which is less effective than other measures (Wagner, Allan, & Heiser, 2005) Session-locking: One or small number of simultaneous logons Login failure lockout: After 3 to 5 attempts Password aging may also induce counterproductive behavior (Allan, 2005) 16
Slide notes:There are a number of challenges with passwords. One approach that is commonly used is password aging: the password expires after a certain timefor instance, six monthsand then the user has to create a new password. A number of security experts have written about password aging, and the foremost conclusion is that password aging isnt a good approach to security, and it may induce counterproductive behaviors, such as writing passwords down or somehow making them easier to guess. One report argues that other measures are more effective. Session locking, for instance, allows only one or a small number of simultaneous logons, so a user can log on to only a limited number of places at the same time. There are also login failure lockoutsafter a certain number of unsuccessful attempts, the individual is locked out. But clearly, passwords will continue to be an issue in terms of protecting the security of information, including health information. 16