Enhancing Security Online – Multi-factor Authentication
You are likely aware of the reported 5 million Gmail passwords that were leaked on a Russian forum a few years ago, and the increasing number of such breaches since then. Even though Gmail has recently reported that less than 2% of those username/password combinations were current, this is another reminder that we can’t be too careful online.
In addition to using strong passwords and a password manager (I use LastPass), I strongly encourage everyone to use Multi-Factor Authentication (now more commonly referred to as Two-Factor Authentication or 2FA) whenever possible. As its name indicates, multi-factor authentication requires the entry of at least two pieces of information in order to access secure data or accounts. It’s the digital equivalent of producing two forms of identification in order to obtain your driver’s license or passport. Even if someone else were to obtain your password(s), they would also require another piece of information or equipment in order to access any of your accounts.
Multi-factor authentication can be as complex as thumb prints and retinal scans, or as simple as a second password or randomly generated code. The most common forms are physical devices and secondary codes generated by a companion app. Physical devices include things like a YubiKey or thumb print reader. It’s also possible to turn any USB Drive into a secondary physical security factor. These devices will typically attach to your computer and provide an additional way to prove your identity. Companion apps, like Google Authenticator, install on your mobile phone and periodically generate a unique code. In addition to your password, this code would need to be entered for you to gain access. Without these physical devices or code generators, someone with your password cannot access your account(s).
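For readers curious how a companion app's code is produced and checked, here is an added example (not from the original article or from any vendor's code) of the time-based one-time password scheme in RFC 6238, which apps like Google Authenticator implement. The function names are my own, the secret is the published RFC 6238 test key, and the 30-second step, 6 digits and SHA-1 are the common defaults, assumed here.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code stays current (assumed default)
DIGITS = 6   # code length shown in the app (assumed default)

def totp(secret_b32, unix_time, step=STEP, digits=DIGITS):
    """Return the code an authenticator app would display at unix_time."""
    key = base64.b32decode(secret_b32.upper())
    counter = int(unix_time) // step              # number of elapsed time steps
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32, submitted, unix_time, drift_steps=1):
    """Server-side check: accept the current code or one step either side."""
    ok = False
    for d in range(-drift_steps, drift_steps + 1):
        t = unix_time + d * STEP
        if t < 0:
            continue
        expected = totp(secret_b32, t)
        # Constant-time comparison so timing does not leak matching digits.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok

# Constructed sample: the RFC 6238 test key, base32-encoded the way
# authenticator apps store a shared secret.
SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    code = totp(SECRET, 59)
    print("code at t=59:", code)
    print("accepted one step later:", verify(SECRET, code, 59 + 30))
    print("accepted three steps later:", verify(SECRET, code, 59 + 90))
```

The code depends on both the shared secret stored in the app and the current time, which is why a stolen password alone does not get past the second prompt and why an old code stops working within about a minute.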
Multi-factor authentication is especially important when utilizing a password manager, but can also be employed with individual accounts. This is strongly recommended when logging into services like Google and Apple that provide you access to multiple accounts with a single username/password combination. While multi-factor may take a bit of time to set up, and a brief moment of extra time when logging in, I strongly recommend its use for anyone wanting to protect sensitive personal or clinical data. The trade-off is well worth it considering you will now have an extra security blanket.
About the Author
Rob has been covering technology and business news for mental health professionals since 2011. His extensive experience in IT, business, and private practice allows him to synthesize information in a friendly, digestible manner. He also enjoys time with his family, ultimate frisbee, and board gaming.