New recommended guidelines for company and vendor password formatting have been approved by the Agents for Council Technology (ACT) affiliated with the Independent Insurance Agents & Brokers of America (IIABA), to enhance security and alleviate current inefficiencies for independent agents and brokers across the country.
The password guidelines are the product of ACT’s Multiple Passwords Work Group, formed to address the difficulties independent agents and brokers currently are facing with the multitude of different Web passwords and password formats they must employ to access their companies. If adopted by the industry, the guidelines reportedly will enable agency employees to use a common password for several company and vendor systems.
“ACT urges companies and vendors to incorporate these guidelines into their password protocols and make their Web sites more user friendly for the independent agents accessing them,” Alvito Vaz, chairman of the work group and information technology director at Progressive Insurance, said. “The guidelines also will encourage improved security at the agency level because agents will be able to use a consistent password for several companies and be less inclined to maintain unprotected lists of passwords.”
When the work group initially surveyed ACT company and vendor members, it found that current password requirements and procedures vary widely, virtually forcing agency employees to keep scorecards containing all of the necessary information. Security at the agency level will reportedly be greatly improved if companies and vendors follow guidelines permitting agency employees to use consistent passwords with their various business partners. Agencies also need to be provided the flexibility to make required changes in these passwords.
“Ultimately, agents would like to see company passwords handled automatically in the background by their management systems,” ACT executive director Jeff Yates commented. “But in the current environment, widespread adoption of ACT’s recommended password guidelines would be a big step forward. We urge agents to encourage their companies and vendors to adopt the guidelines to make Web site access much easier for hundreds of thousands of agency employees.”
ACT recommends that companies and vendors incorporate the following guidelines into their password formats:
• Password Expiration: The expiration of passwords should be set to no shorter than 90 days. Agency employees would need to change their passwords at least every 90 days; otherwise they would expire. The software should provide users with warnings that give them lead time to change their passwords.
• Password History: Password history will be enforced for five iterations. When agency employees change their password, the system will not permit the use of the same password again until the sixth iteration, but it would permit the use of a derivative password, as long as some change has been made.
• Password Length: Valid passwords must include at least six characters and permit a maximum of eight characters. This range is sufficiently long to make “password cracking” difficult, but also sufficiently short for easy entry.
• Password Composition: Every password must have at least one lower case letter, one upper case letter, and one number. Special characters (non-alphabetic and non-numeric) may not be used. The password cannot repeat the same number or letter more than two times consecutively.
The approved ACT Password Guidelines are available by visiting www.independentagent.com and selecting the Agents Council for Technology tab.
Topics Agencies
Was this article valuable?
Here are more articles you may enjoy.
US Roof Maintenance Lags: Hanover 
Home Insurance at $10,000 a Year Shows California Buyers’ Pain 
US P/C Insurers Post Best Q1 Underwriting Result In 17 Years 
Ryan Specialty Announces Succession Plan: Pat Ryan to Exec Chair, Turner to Be CEO From This Issue
