Happy New Year! Do you have a new year’s resolution for your business? I suggest that you resolve to use strong passwords for all online access in 2024.
Passwords have been used to protect sensitive information for decades. I remember my first exposure to agent portals was creating a password-protected website for a carrier, so agent production metrics could be shared without the sales representative having to visit the agency. That was effective in 1998. But with technology progression it is not an effective security procedure in 2024.
Your password is the equivalent of a closed door. Yes, it is more difficult to gain access than through an open door — e.g., a website — but it is still relatively easy to enter for a nefarious actor with the necessary tools. How easy is access for a hacker? Hive Systems 2023 Password Table estimates that an eight-character password with numbers, upper- and lowercase characters, and symbols can be cracked in five minutes.
There are various definitions of what constitutes a “strong password.” The Global Cyber Alliance defines a strong password as “(1) your password + (2) something unique to you.” The unique-to-you item can be a token (e.g., Google Authenticator, Microsoft Authenticator, FIDO device, etc.), verification code or biometric (e.g., fingerprint or face recognition). This combination is called multifactor authentication (MFA).
Use of MFA is like having your digital door both closed and locked. And yes, some locks are stronger than others, but any lock is better than no lock. Microsoft estimates that basic cyber-hygiene, which includes MFA, can prevent 99% of security hacks.
Improve cyber-protection with operational security
For the typical independent agency with 10-plus carrier connections, using a different MFA process for each carrier portal access is cumbersome.
ID Federation was created by peers in the insurance industry to help agents both be cybersecure and maintain operational efficiency. One of the organization’s goals is to make use of MFA both easy and secure. The ID Federation Trust Framework enables an agency to share credentials from its agency management system once each day with carrier partners and then to access carrier agent portals — without having to re-enter IDs, passwords or MFA information.
Working together, agents, carriers, and technology companies can have cybersecurity and operational efficiency.
Encourage your carriers to participate in ID Federation
Help make the industry more secure with operational efficiency for independent agents. With SignOn OnceTM by ID Federation, agents don’t need a different MFA sign-on with each carrier partner. They use their management system credentials to securely access carrier agent portals. This is in production today with the two primary management system providers — Applied Systems and Vertafore — and with carrier partners like The Hartford and Nationwide.
Alvito Vaz is executive director of ID Federation. He is a long-time participant in AUGIE and has held business and technology leadership roles at Progressive and Travelers. He can be reached at alvito@idfederation.com.
