Compliant and secure password process (GDPR)

IDC has published a white paper on secure password processes. It argues for the compliance benefits of self-service password handling. But it is equally important to make the complete process compliant and secure, including the assisted process!

In almost all organizations, the assisted password reset process is a weak link for security. The risk that a hostile person can get access to another user's account is simply too high! IDC refers to several studies documenting that most organizations don't have secure processes in place. According to the Danish Data Protection Agency, the only way to make the assisted process secure is a 2-person process:

  • A person with privileges to set a new password (service desk)
  • A trusted person who can vouch for the user’s identity

Our experience from hundreds of meetings with IT departments is that this process is only very rarely in place.

IDC furthermore clearly identifies that GDPR (the European General Data Protection Regulation) demands that the authentication process is secure and safe, to avoid data breaches. This necessitates that the complete password process is protected, both self-service and assisted service.

IDC recommends that organizations consider software solutions to make the assisted process secure and to be able to monitor the process.

Get your copy of the IDC report here: IDC Technology Spotlight, "Password Management and GDPR Compliance: Lowering Risk Through State-of-the-Art Assisted Password Reset"
