No more hassle with passwords. Automatic single sign-on.
Secure access to data and applications is a top issue in almost all sectors. Whether enterprises, educational institutions, hospitals or government agencies: every organization must ensure that only authorized users have access to files, networks and applications. The international standard for information security (ISO 27001) provides the basics for this. The minimum requirements for secure passwords are also laid down here—because passwords are omnipresent.
Everyone uses them, everyone needs them, and most of the time, not just one, but several. Passwords are among the most important gatekeepers in protecting against unauthorized access to individual data and entire networks.
The challenge: the requirements for a strong password have become so complex that even well-organized users grow tired of passwords over time. This is not only annoying for the user but also a danger for the organizations themselves. After all, it's about protecting intellectual property and the integrity of sensitive business data that should not fall into unauthorized hands. Here, single sign-on solutions from ELATEC and its partners represent an exit strategy from the password jungle that is as reliable as it is user-friendly.
Brief overview: ISO 27001 and its fields of application.
ISO 9001 for quality management and ISO 14001 for environmental management: these are the "ISOs" that are familiar to just about everyone today. More familiar among IT experts is ISO 27001, whose scope is information security in private, public or non-profit organizations. It is the most recognized international standard for information security management systems and includes binding guidelines for establishing, implementing, maintaining and continuously improving them.
One aspect that should not be missing from any information security management strategy concerns the assignment and use of secure passwords. Within the company, they regulate access to networks, applications, and sometimes even individual files. The implemented password system must ensure that only authorized users have access. The ISO27001 standard defines the most important parameters for secure passwords. A so-called "non-compromisable" password, for example, should consist of at least 8 characters (including a combination of upper- and lower-case letters and special characters and numbers) and should be changed regularly.
In theory, that sounds good. But it is also a fact that users look for the path of least resistance. That's why the password solution must be simple in order to be widely accepted. If you have to use highly complicated passwords to gain access to different files and applications several times a day, ideally on different devices, you will quickly lose track. And your nerves. The workaround is often to write down passwords on pieces of paper that are stuck directly to the computer, clearly visible to everyone.
Or you can choose a very simple password, such as your own birthday, your wife's name, or simply "password"—still one of the top three passwords.
Single sign-on. Security and convenience in one.
The automatic single sign-on procedure offers a perfect alternative here. It combines security during authentication with a high level of convenience for users. In the future, they will no longer have to remember passwords, but will use either an RFID card (such as their employee ID) or simply their smartphone. These media are held in front of the reader, and users are given access to the relevant applications or files, for example, during the PC logon process. From a technological point of view, logon can be accomplished with a card and contactless RFID technology such as MIFARE Desfire MX, LEGIC Prime or FIDO2. Alternatively, the smartphone is used with Near Field Communication (NFC) or Bluetooth® Low Energy (BLE) technology. A hybrid solution of card and smartphone is also conceivable to enable secure and convenient one-time logon.
Noticeable relief for the IT department.
The benefits of automatic single sign-on are many. The readers are easy to install, and users and IT departments save the time that has to be invested in searching for passwords or in creating new passwords. This also has positive financial effects. Especially in complex environments with differentiated access to programs, applications or devices, the single sign-on process is a big win. As a leading provider of contactless authentication solutions, ELATEC accompanies you in finding solutions for your organization. Our portfolio includes not only readers and identification media but also best-in-class software and service. Only the right software and in-depth personal consulting guarantee that you are well-positioned in the long term.
THE ELATEC NEWSLETTER Your authentication update
As a frequent reader, you will always be up to date with the latest information on the topic of authentication, know the current trends and receive valuable tips. By signing up to our newsletter, we will make sure you won't miss any new blog articles ever again. And on top, you get even more exciting news on our products, events and industry trends.