Legal compliance

Strong Authentication and the Law

When it comes to system security and the control of access to systems and applications, Sarbanes-Oxley and HIPAA are not explicitly prescriptive. They do not articulate what "adequate internal controls" means, or what exact solutions an organization must implement in order to effect them. However, by drawing on industry best practices for the security and control of other types of information, several inferences can be made. Business-as-usual password-only systems clearly do not meet the standard. Strong authentication (two or more factors) is widely accepted as meeting it. For most firms, compliance is not an option; it is a must.

Common requirements of Sarbanes-Oxley and HIPAA that bear on authentication:

Only authorized users have access to sensitive information and systems

Obviously, you have to be sure the person logging in is the authorized user, which means authentication. Given the known weaknesses of passwords alone, implementing some form of strong authentication is a wise strategy. This is especially true for remote users: without solid authentication, those logins could be anybody.

Password security policies must be enforced - no password sharing


This is problematic for most enterprises, as password sharing is endemic, not to mention the passwords written on sticky notes. Strong authentication addresses this by requiring something more than a password. In the case of a biometric system, this "something" cannot be forgotten, written down, or lent to a colleague the way a password can.

Trustable Passwords is biometric, strong, two-factor authentication for compliance that works well, is easy to use, and that you can afford. Trustable Passwords is also easy to implement, requiring no new processes. Users enter their passwords just as they do now and Trustable Passwords does the rest. Authorized users get in; impostors don't. You are protected.

Trustable Passwords is an easy and affordable way to achieve compliance