Enhanced password security Copied

08/02/20203.0.16Release notePhysician, Clinical, Admin, Billing

Enhanced Password Security

Password security is a concern for anyone using technology in today’s digital world. With that said, our world is no exception, and therefore we are taking steps to strengthen passwords in iKnowMed Generation 2. This effort will help secure patient data and prevent cyberthreats.

While strengthening password requirements to protect patient data and ensure the ability of practices to secure other sensitive information is the key objective, we’ve also taken steps to enhance and improve the user experience with new tools and interactive support while resetting a password.

In the coming weeks your Account Manager will be reaching out to discuss the changes and how those changes affect users. This feature is being turned on practice by practice.

Understanding New Password Requirements

The table below shows a comparison of existing requirements.

Passwords will now need to meet a new level of complexity and may not be passwords that are commonly used or easy to guess. Failure to meet either requirement will result in the password being rejected by the system.

Complexity Check

Complexity requirements include:

  • At least 8 characters

  • One digit (0-9)

  • One special character [!@#$%^&*()]

  • One lowercase letter

  • One uppercase letter

The complexity check places a check mark next to each requirement as it is met and provides a status bar that indicates the strength level of the current entry. Passwords must meet the strength check for Strong or Very Strong before the system will accept the change.

Checking for Common Words or Previously Used Passwords

Once you’ve satisfied the complexity check and submit your new password, the system will make a final check for commonly used passwords or previously used passwords. If either condition is found, you will be required to make the appropriate changes before it can be saved.

Some examples of common words include: McKesson, Winter, Summer, Welcome, Password, 2020, etc.

To reset a password:

  1. Pick a route to reset your password, either from the login page or from User Details in your profile.

  2. Enter the new password following the enhanced password requirements into the New Password field.

  3. Re-enter the new password in the Confirm New Password field.

  4. Ensure your password meets the new requirements for a Strong or Very Strong password using the status bar in the Reset Password window, or the system will not accept it.

  5. Click Save.

Using Passphrases for Increased Security

While you can certainly create passwords such as “d0ct0r3!” to meet the requirements, some industry security experts recommend the use of passphrases for an even higher level of security. A passphrase is more secure than many complex passwords because they are harder for a computer to guess, yet easier for a person to remember.

The more unrelated the words in the phrase, the better. Passphrases may include spaces or hyphens but should not start or end with a space. Examples of passphrases that meet the requirements include: “SunAndFun31!” or “Left-handed frog with 3 toes!