The Health Section

Aetna’s Next Generation Authentication

Aetna is adding its Next Generation Authentication system to the Aetna Mobile app, which will assess user behaviors to determine how much access to provide.

“Binary authentication [using passwords] has reached obsolescence today,” said Jim Routh, Aetna’s chief security officer.

Over 3 billion user IDs and passwords were stolen in 2016, according to a Shape Security report. The Identity Theft Resource Center also reported that 36 percent of data breaches and nearly 44 percent of records stolen in 2016 were from the medical/health care industry.

Traditionally, authentication for apps and other digital platforms is a single event; a person enters their user ID and password to access their account. With Aetna’s new behavior-based process, authentication is integrated into the application transparently and continuously.

The system is designed to improve security while also making the app and digital platforms more user-friendly. Aetna’s Next Generation Authentication process monitors a range of 30 to 60 behaviors, such as location, time of access, thumbprint, and keystroke style.

The attributes and behaviors are assessed and a risk score is calculated, which determines how much access to provide to the app or platform. Eventually, Routh said, a person will be able to open and immediately access an app after the system has authenticated who is using the device.

The advanced authentication system follows FIDO standards, ensuring sensitive information doesn’t leave a person’s device.

“We have an opportunity to improve security,” Routh said, “while also significantly improving the way Aetna joins consumers by eliminating the need to remember passwords.”

Aetna will continue to roll out the new authentication system to PayFlex, Aetna Navigator and its suite of other apps and digital platforms in the future.