Computer security is the act of protecting computer systems from theft or damage to hardware, software or information, and disruption or misdirection of their services. Many systems are under constant threat of hacking, ranging from individual mobile phones to large establishments. In this post, we will focus on one of the methods used to protect sensitive data – Authentication.
Authentication is the process of confirming the accuracy of the data (such as a password) claimed to be true by an individual. The individual can be a human or a machine.
Why do we need authentication? Authentication allows us to control access as well as identify an individual accessing a computer system. This is akin to asking for a photo ID when checking into a hotel.
There are three mechanisms by which a user or machine can be authenticated:
Knowledge Factor
Ownership Factor
Inherence Factor
There are three ways of authenticating a user when using a computer system – Single Factor Authentication, Two Factor Authentication (2FA) and Multi-Factor Authentication (MFA).
Single Factor is using any one of the three mechanisms to authenticate a user, for example, entering a username and password (Knowledge Factor). While this is one of the most commonly used methods for authentication, it is slowly being phased out of computer applications and systems.
2FA is using any two of the mechanisms to authenticate a user. The most common scenario for 2FA is requesting the user to enter a username and password (Knowledge Factor) followed by entering a code that is provided to the user through an app on their phone (for example, Google Authenticator), an SMS text message or a phone call (Ownership Factor).
MFA is using all three factors to authenticate a user. For example, to access a system, the user will have to first provide their username and password, then enter a code that has been sent to their phone followed by verification of their fingerprint to complete the procedure.
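The two-factor check described above, as an added example that is not part of the original post and is not PCIC's or StreetEMR's code: the password is verified against a salted PBKDF2 hash, then the authenticator-app code is verified as RFC 6238 TOTP, the scheme Google Authenticator uses. The account record layout, the function names and the demo secret (the RFC 6238 test key) are assumptions for illustration.

```python
import base64, hashlib, hmac, os, struct, time

STEP = 30  # seconds per TOTP time step (RFC 6238 default)
DEMO_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # constructed: RFC test key in base32

def hash_password(password, salt):
    """Knowledge factor: slow salted hash, so the password itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def totp(secret_b32, counter, digits=6):
    """Ownership factor: RFC 6238 code for one time-step counter (HMAC-SHA1)."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_login(user, password, code, now=None, drift=1):
    """Return True only if both factors pass; records the used time step."""
    now = time.time() if now is None else now
    pw_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    current = int(now // STEP)
    matched = None
    for counter in range(max(0, current - drift), current + drift + 1):
        # Neighbouring steps tolerate clock drift; compare_digest is constant-time.
        if hmac.compare_digest(totp(user["totp_secret"], counter).encode(), code.encode()):
            matched = counter
    # A code from a time step that was already accepted is a replay: reject it.
    code_ok = matched is not None and matched > user["last_counter"]
    if pw_ok and code_ok:  # both factors are evaluated before deciding
        user["last_counter"] = matched
        return True
    return False

def make_user(password, secret_b32):
    """Constructed sample account record (hypothetical schema)."""
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "totp_secret": secret_b32, "last_counter": -1}

if __name__ == "__main__":
    alice = make_user("correct horse battery staple", DEMO_SECRET)
    code = totp(DEMO_SECRET, 59 // STEP)  # what the phone app would display at t=59
    print(verify_login(alice, "correct horse battery staple", code, now=59))
    print(verify_login(alice, "correct horse battery staple", code, now=59))  # replay
```

Both factors are computed before the result is decided, so a failed login does not reveal which factor was wrong.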
At PCIC, we use MFA because protecting data is one of our top priorities. This includes patient medical history data, employee information, and all of the data we create in-house and with partners. We implement this by developing and integrating the technology into our own EMR system – StreetEMR, as well as requiring all our technology partners and vendors to support the feature.
The digital community is working hard every day to discover and invent novel methods to improve security for access to systems. At PCIC we stay up to date on these methods, to protect our patient and stakeholder data.