Four ways you can encourage your carriers to sign up for SignOn Once
What would you say are the most-often-used passwords?
If you guessed “123456” or “password,” you’re right!
Each year, the data security firm SplashData compiles The Worst Passwords List from millions of passwords leaked from data breaches. In 2017, the top four were “123456,” “password,” “12345678” and “qwerty.” The first two have been the “worst” passwords since the list began in 2011.
It goes to show that password protection continues to be a problem, even in the face of ever-increasing cybersecurity threats.
For an agency owner like me, log-ins are a huge headache. It’s a constant balancing act between managing hundreds of passwords and ensuring that our systems are secure.
Each of our employees must maintain an average of 30-35 passwords just to perform their daily tasks—to sign on to our management system, access carrier portals or log in to vendor sites. It’s not uncommon for large agencies to maintain thousands of passwords. According to Cybersecurity Ventures, the total number of passwords in use globally will exceed 300 billion by 2020!
As passwords proliferate, the frustration of having to remember them, change them and reset them mounts. It leads to people doing things they shouldn’t do: using the same easy-to-remember logins, putting them in plain sight next to their keyboard or keeping everyone’s passwords in a single Excel spreadsheet that could easily be stolen.
A survey by Hypersocket found that 40% of employees use techniques to remember passwords that are not secure. About a fifth (19%) admitted to writing down passwords, and another 21% said they routinely use easy-to-guess passwords such as their spouse’s name.
As you can imagine, there’s a cost to all of this. That cost can include lost productivity, lost business, and systems vulnerability, especially when someone on your team is terminated or leaves. Former employees may have the passwords to dozens of your log-ins, giving them the ability to compromise your business or gain an unfair competitive advantage.
A study done a few years ago by Centrify found that businesses lose over $420 in productivity per employee per year because of password issues. The annual Verizon Data Breach Investigation Report consistently shows that the leading cause of hacking-related breaches (81%) is stolen or weak passwords. Add to that the cost of resetting passwords (now estimated at $150 per reset), by far the number one reason agency employees call a company’s IT help desk.
Fortunately, there’s a solution, too. For our industry, this solution involves a single, secure sign-on that agents, carriers and solutions providers can all use. To move toward that solution, industry leaders joined together in 2014 to create ID Federation, a nonprofit organization tasked with developing legal and technical standards to facilitate a single sign-on for the entire insurance industry. That technology is now up and running, and it’s called SignOn Once.
Simple and safe
SignOn Once uses a digital token to authenticate a user’s identity. The token enables ongoing access to the websites of carriers and vendors who meet the ID Federation standards. While the process is seamless for the user, there are multiple checkpoints and verifications behind the scenes as users move from site to site.
SignOn Once has been tested, and it works beautifully. Agencies, a major carrier and a software systems provider have been using it for over a year. What they’ve found is that it requires less time to log in to a company’s website (only one sign-on at the beginning of the day!), efficiency is optimized through standardized workflows, and there is greater control and security.
With cybercrime on the rise, better security is perhaps the biggest benefit to using SignOn Once. Users have to remember only their own agency management password for a single sign-on that automatically gives them access to company and vendor sites. Controlling access to systems is simpler, safer and streamlined. When someone leaves an agency, they won’t be taking dozens of passwords with them. They have only one password, and it can be immediately disabled.
As with any new venture, a certain amount of evangelizing must take place in the beginning. ID Federation has recently hired its first business manager, Irv Kantar, to take us to the next level. Irv spent the last 10 years at Applied Systems/IVANS Solutions, working with carriers to provide technical details of automation solutions and define direction for real-time products and services.
He’s perfectly positioned to move ID Federation forward. Already, Irv has had several promising meetings with companies and vendors, and we anticipate more companies will be implementing SignOn Once in 2018.
ID Federation board members are also talking to industry leaders. We’re making presentations at user group and technology forums like ACT and AUGIE. But we can’t do it alone. We need your help. Agents can be the voice for making SignOn Once a reality. You can speak firsthand to the hassles of maintaining passwords and the vulnerabilities that exposes you to.
Get it done
Here’s what I’m asking you to do. Contact your carriers and make the case for adopting SignOn Once:
Talk to your regional representative, vice president or CEO. At sales meetings, conferences or wherever you find yourself in front of your carriers’ top people, talk up the need for a single sign-on solution. Company executives tell us they aren’t hearing from their agents enough that passwords are a concern. Yet, we know from industry surveys that passwords are one of the biggest pain points for agency employees. SignOn Once is a win-win for agents and companies. We gain ease of use and increased security, and the companies won’t get all those calls to their help desks.
Provide input through agent advisory committees. Nearly every company has at least one forum for agent feedback, and many have a separate technology committee. This is the ideal venue for bringing up SignOn Once. Many IT officers have said that SignOn Once would not be hard for them to do. Usually, it’s just a matter of putting it higher up on their priority list. Don’t let another one of these meetings go by without talking about ID Federation.
Put ID Federation on the agenda at your next association meeting. I recently talked to a group of six carriers as part of our annual Michigan Association of Insurance Agents meeting. I told them how much time we spend managing passwords. As I put it, that’s time that isn’t generating revenue for me, and it’s not productive for the company either. It’s a performance issue as well as a security issue. Needless to say, I got their attention. Ask your association leadership to put SignOn Once on your next meeting agenda. If you need information or a speaker, contact us at info@IDFederation.org.
Write an email or letter. The written word carries weight. A letter or message is a record that can’t be ignored. It shows that you care about an issue enough to compose and send a letter, and it puts the onus on the receiver to send you a reply. And when a group of agents sends letters, that’s even more powerful. The ID Federation website has resources for agents, including a template you can use for a letter or email. Your letter need not be long. You just need to tell in your own words how SignOn Once would benefit your agency.
Imagine accessing company websites seamlessly in a world where passwords are nearly obsolete. You spend more time servicing your clients rather than talking to IT. SignOn Once is no longer the future. It’s here today. We just need to get more carriers on board so everyone can enjoy the benefits of a single, secure sign-on.
For more information:
Brian Bartosh, CIC, LUTCF, is president of Top O’ Michigan Insurance, Alpena, Michigan, and a member of the ID Federation Board of Directors. Brian has been active in Agents Council for Technology (ACT), and he is a past chair and board member of Applied Client Network. He consults with agencies, carriers and industry organizations on marketing, workflow, and change management plans and processes. He can be reached at firstname.lastname@example.org.