It’s the bane of the modern-day insurance office: keeping track of the many passwords required to log into a myriad of systems and websites. Whenever I talk to anyone in our industry about real-time transactions, I hear over and over that the No. 1 pain point is managing an ever-growing list of passwords.
For insurance agents, many of those passwords are to access carrier websites.
I was reminded recently of Bill Gates’ bold prediction more than a decade ago that biometrics, smart cards and other forms of authentication would soon make passwords obsolete. But the reality is that there has been an explosion in password use. According Cybersecurity Ventures, the number of passwords will likely surpass 300 billion by 2020.
It’s not uncommon for large agencies to maintain thousands, if not tens of thousands, of passwords across their organization. But managing passwords is a chore. Users forget them, or worse, they do not maintain them in a safe manner. A survey last year by Hypersocket showed that 40 percent of employees use techniques to remember passwords that are not secure. About a fifth (19 percent) admitted to writing down passwords, and another 21 percent said they routinely use easy-to-guess passwords such as their spouse’s name. (Editor’s Note: The Hypersocket analysis is based on a survey of U.K. office workers.)
When I recently spoke to a group about security, I asked how many in the audience had used the name of a pet or child as a password. Over half the people in the room raised their hands.
Security and ease of use are the main reasons why industry leaders formed ID Federation, a nonprofit organization tasked with developing legal and technical standards to facilitate a single sign-on for the entire insurance industry. Agencies, vendors and carriers put their competitive differences aside to create a secure, streamlined login called SignOn Once.
To the users who have piloted SignOn Once, it must seem like magic. Imagine, just one user ID and password! No more constant maintenance of separate logins for real-time transactions or carrier portal—all with adherence to the strictest security standards necessitated by our industry.
The original pilot group consisted of Vertafore, a major carrier and several agencies, including Aronson Insurance of Needham, Mass., and WRG Insurance of Warwick, N.Y.. I’m pleased to say that SignOn Once has been a huge success. We have not had any login issues at all.
Several large carriers that are on the board of SignOn Once are getting actively involved, and many agencies have expressed an interest in using SignOn Once, and having more carriers support ID Federation.
Perhaps you’ve heard of ID Federation, but from a carrier perspective, you’re not sure it you’re ready to join. Here are five reasons why you shouldn’t wait:
1. Greater security. ID Federation has developed a trust framework (downloadable at IDFederation.org) to protect the security of its federated partners. By using individual credentials and tokens, and certifying identity providers (vendors such as Vertafore and Applied Systems), SignOn Once ensures logins are safe and eliminates many of the issues associated with poor password protection.
Participating carriers accept and rely on the authenticating credentials and tokens presented by the identity providers. These providers go through a certifying process to maintain a high level of security. Once a carrier accepts a user’s identity, associating it with a user name and password already on file, there really isn’t anything more it has to do. Users need only log into their identity provider once each day for seamless access to a carrier’s website.
The advantage of this approach is two-fold: The carrier continues to control who has access to its company portal; the user doesn’t have to manage separate credentials to log into the carrier’s system. With ID Federation, there are no separate logins to federated providers and carriers, only the one-time login using SignOn Once.
2. Reduced calls to your IT help desk. The vast majority of calls to IT help desks are from users who have forgotten or need to reset a password. Imagine reducing those types of calls to zero—well, at least for SignOn Once users. That’s been the case with the agencies that have used SignOn Once. There simply haven’t been any password issues.
3. A leg up on your competition. Smart carriers are starting to see that SignOn Once has competitive advantages. It establishes your company as being on the forefront of technology and as a carrier of choice when it comes to simplifying workflows and interacting with agencies. As more and more agencies begin to use SignOn Once, the competitive edge will go to the carriers who are federated partners and accept SignOn Once credentials.
4. Easier to do business. SignOn Once allows carriers and agencies to do what they do best: sell insurance and service clients.
With a seamless, secure connection to insurance vendors and carriers, users can spend more time collaborating and less time worrying about passwords. The loss in productivity from login failures has real bottom-line impact —both to agencies and carriers. Put another way: Your agents can write more business if they don’t run into password errors accessing your site.
5. Minimal IT investment. Ask your security team to review the standards on the ID Federation website. The changes you’ll need to make to your security infrastructure are minimal. You need to be able to associate the SignOn Once credentials and tokens with your user IDs, and your real-time portal must be able to accept these tokens. That’s it in a nutshell.
Now is the time for carriers to step up and join ID Federation and use SignOn Once. You’ll be helping to move the industry one step closer to a world where passwords are obsolete —and making access to your website easier and more secure.