SC Spheres
Blog

Rethinking passwords in a post POPIA world

Step 2

“Password were dead a few years ago. Now they are more than dead” is one of the quotes that you will find if you google passwordless authentication. Bill Gates was predicting the demise of the password back in 2004. Passwords were to be replaced by other method of authentication such as a biometric signature, One Time Pin (OTP) or hardware token.

In 2021, passwords are still in widespread use for securing confidential documents. Often documents are password protected and then the passwords communicated to the recipient via an unsecure email. Worse still (from a security perspective), some identifier (such as a policy number) for the recipient is used to password protect the document and anyone who can discover the identifier can access the document.

As a recipient of password protected documents, there is the added challenge of remembering the password to open old documents.

When using a common electronic platform for the storage of confidential and personal information, password use and management can be made easy:

  • The user gets to set their own password that is not shared with anyone else
  • Only one password is used to unlock all documents
  • Passwords can be changed at any time (if the user feels security has been compromised); and
  • Users can be alerted should anyone access the platform from a previously unknow device

With a platform, you can consider adding alternative authentication to either replace passwords or be used in addition to passwords as extra protection. The balance between user convenience and security can be explicitly managed. When considering password access, it is important to consider the functionality that you would need to run your enterprise so there is never a need to share confidential or personal information outside of the secure password protected environment provided by the platform. Full functionality includes:

  • The ability to distribute and read board papers;
  • The ability to access confidential fund documents;
  • The ability to hold multi-way conversations amongst users when dealing with personal information;
  • The ability to set up temporary data rooms for regulatory audits and the like; and
  • The ability to sign documents electronically SC Spheres is an affordable platform that offers this functionality and is quick to set up and deploy. We can get you set up with your own fully functional platform for a free month trial and get your confidential and personal information off your email.

Sign up for a free trial via our web site at https://scspheres.com/try/ or by contacting Robert at rob@scspheres.com.

Why SC Spheres?
·
Copyright © SC Spheres (UK) Ltd. All rights reserved.