New security enhancements: password complexity and multi-factor authentication
There has been an interesting debate between HosPortal and customers recently about the merits of various security enhancements and privacy controls.
We are aware that many of our customers want their data stored in Australia. This has been available for an additional fee (due to costs related to some of the aspects of our software architecture) but will soon be the default for all Australian customers.
More interesting has been a discussion about password complexity and multi-factor authentication (MFA), which we will soon have implemented at the request of a customer.
For those who are interested in password complexity and reflect – as we do – on how silly some of the industry-standard rules are, it is worth reading this article about the zxcvbn algorithm, developed by Dropbox. It is considered a good measure of real password sophistication to ensure protection against a range of real-world attacks. An implementation of the algorithm can be assessed here (although we recommend you do not test it by entering your actual real personal passwords).
We have been deliberately slow to implement MFA for some time, but are aware that we are increasingly swimming against the river of expectations for cloud-based logins (the flow of that river is increased by articles like this one). Our target users, being doctors, are often not keen on having a two-step login to find something in a hurry; the sensitivity of the information that people get access to through their login is pretty low (HosPortal often replaces roster and contact information kept on public display or shared drives at many hospitals); and MFA means that it is not possible to have a generic login that a hospital can issue to the switchboard or nursing station for read-only access.
We have listened to some strongly-held views from our customers and will soon have the option to set a minimum password complexity and turn on MFA for your users.