This article gives an excellent overview of passkey technology, the current challenges it is facing, and sensible ways forward.
Essential reading for non-experts with an interest in authentication in health:
Even when using passkeys, it sounds like it’s still smart to use a password manager to store your backup passwords. To my mind, using a password manager really is a bare minimum for personal cyber security these days.
Setting them up can take a bit of work though, and people can get confused by all the different options out there. My personal favourite is KeePass, with the keyfile placed in cloud storage so it can be accessed on multiple devices (including work devices). I use this for personal and work passwords (I don’t think there is any good security reason why these should be stored in different places; it just makes things harder to use).
When I was at Inland Revenue in 2017 during their business transformation, there was a big push to get staff using password managers - for both personal and work use. A couple of password manager options were made available on work devices. This was a nice way of supporting staff security practices, both at home and in the workplace. I think it would be great if Health NZ did something similar. Even if just 50% of staff were on a password manager, it would probably make a big difference.
The only thing I’m not sure about is security for shared devices in hospitals. What are some good approaches that balance security and usability? I remember reading something about a new solution that involved using swipe cards that unlock devices; this seemed like a good approach. We are developing some cyber security procedures at Health NZ at the moment, so any ideas or insights are much appreciated!