Plethora of Passwords A Persistent Problem

Agents may be able to access all carrier websites and agency platforms with one single login.

signononce.jpgAs insurance carriers rolled out web-based underwriting and service systems beginning in the 1990s, user IDs and passwords were the best way for agency employees and producers to securely identify themselves. Online connectivity was often faster than postal mail and telephone transactions, so proprietary systems represented a quantum leap in time savings.
But over time the “silo” approach of proprietary systems meant that carriers needed to dedicate people and budget to solve the recurring problems of expiring passwords, lost or forgotten passwords, security breaches, and staff turnover. For agencies, as systems proliferated, signing on to individual websites of carriers and recalling numerous passwords have worked against efficiency.
“By nature, independent agents represent multiple markets and thus they have needed website logins for each of the carriers they represent. The need for security on carrier websites exploded over the years, but it has become close to unmanageable for agents at this point,” commented Nellie Massoni, senior product manager with agency management system provider Vertafore.
Every independent agency employee and producer “has to do business through carriers and carrier websites. So each person must have multiple logins. Each person has to go in and log in individually either directly on the website or through the agency management system,” explained Doug Johnston, vice president of Applied Systems/IVANS.

Do the Math – and Groan

The math gets staggering, Johnston pointed out: “If you have 15 accounts with passwords that expire every 30 days, you’ll have a password expiring every two days.” Multiply that by each agency user in an estimated 22,000 independent agencies, and the time and costs mushroom. With hundreds of property/casualty insurers, there now has grown a thicket of user ID-password connections for agencies.
One broker estimated that each password login took 37 seconds per employee per website.
For carriers, passwords are expensive: Of technology help desk costs, “10 to 30 percent are password related, and the dollar value ranges from $51-111 per call. And it’s not just cost value but the potential for malicious attacks: 39 percent of data breaches are result of negligence including password resets. These challenges are looming over the heads of agencies and carriers,” posited Mark Craig, Vertafore senior vice president and ID Federation board member. Plus, if an employee or producer leaves the agency, the agency owner or admin has to go in to all carrier accounts and disable those logins and passwords.
Any agency employee and producer has experienced the frustration of having a password expire in the midst of a transaction or even while a prospect or customer is on the phone, pointed out Massoni.
Additionally, when real-time transactions (such as through Vertafore’s PL Rating and TransactNow systems) fail, almost all failures can be traced to a password failure, explained Massoni. A one percent failure rate of real-time transactions for its users, Vertafore estimated, would mean about 800,000 transaction failures in one year.
One reason for real-time glitches is that an administrator or user is required to update carrier passwords both in the carrier system and the agency management system.

A New Way

The industry has recognized password management as a problem for many years. But (unlike the weather) someone’s done something about it.
Enter SignOn Once, the new industry standard developed by ID Federation. “The concept of SignOn Once is that when an agency producer or employee signs in to their agency management software, that application will take on the task of automatically authenticating your identity to all your business partners,” Johnston said. The new approach follows global security standards, he pointed out, in use in other industries.
The goal of SignOn Once is to allow insurance professionals to spend more time with the value-added work of serving prospects and clients and less time working on remembering and managing passwords. Meanwhile, carriers can expect cost efficiencies through implementing SignOn Once.
SignOn Once also can allow an agency to readily add a new employee or producer to work with its carriers, and to quickly remove a user who leaves the firm.
SignOn Once uses token technology to authenticate each user’s identity. The token passes from an individual user’s account with an agency management system to the agency management system vendor to the insurance carrier partners with which that agency is aligned. This new approach promises greater security at less cost than the longstanding process of using different passwords for each carrier system.
“For an agency to never have to manage a carrier user ID and password issue again is ‘nirvana,’” noted Massoni. “It’s something they’ve wanted for years. Passwords are such a pain point. SignOn Once enables a combination of the two worlds: The agency doesn’t have to maintain carrier user IDs and passwords -- but is secure.”
SignOn Once is “bringing the insurance industry into the 21st century in security,” Craig added.
Teresa Addy is business co-chair and Jim Rogers is a board member and treasurer of ID Federation Inc., a 501(c)6 non-profit organization that developed SignOn Once to promote information security and identity management for trusted transactions across the financial services and insurance industries. Addy is business technology analyst for EMC Insurance Companies and Rogers is assistant vice president, distribution technology strategy, of The Hartford.