Aetna will move from passwords to continuous behavioral authentication next year on its consumer mobile and web applications because it's more secure and easier for the end user, says Jim Routh, the health insurer's CISO.
"Passwords as binary authentication tools have been standard but are really reaching an end of life. What's necessary is more of a continuous-based authentication method based on algorithms," Routh says in an interview with Information Security Media Group.
Routh points to the recent Equifax breach, which exposed detailed information on 143 million U.S. consumers, as an example of why the password is no longer a secure form of access to accounts and web sites. For example, with so much stolen information about consumers now available for sale on the dark web, criminals can easily answer secret questions in a password reset scenario, he points out.
"That has significant impact on the viability of log-in IDs and passwords," Routh says.
In this interview (see audio link below photo), Routh, who will be a speaker at ISMG's Healthcare Security Summit in New York Nov. 14-15, also discusses:
- How continuous authentication works and its benefits;
- Why model-driven implementations are now driving the frontlines of security at Aetna;
- Why Aetna does not struggle to find security talent.
Routh is CISO and leads the global information security function for Aetna. He is the chairman of the FS-ISAC Products and Services Committee and is a board member of the National Health-ISAC. He was formerly the global head of application and mobile security at JP Morgan Chase and served as CISO at KPMG, DTCC and American Express