Covered California Website Increases Online Security
Posted: May 23, 2016
by John Hansen
Agents Required to Enter Cell Phone Numbers and Use Passcode to Verify Identity
Covered California is making strides on their website to increase security. Security breaches have been in the news. This has been an issue in California as well as on the national and international stage.
In an effort to improve security, the Covered California website is now getting cell phone numbers and distributing one time passcodes. This allows the California exchange / Obamacare website to use multi-factor authentication for added safety online.
A typical login page is single-factor authentication. On one computer you enter a login and password. It’s much easier to hack into a database that only uses single-factor authentication.
Now that the Covered California database includes cell phone numbers for agents, they can use multi-factor authentication. They will still require user ID’s and passwords, but they can also send passcodes to email addresses or to cell phones.
Many banks are doing this already. If you log into your bank from a computer or an IP address that the bank does not recognize, they will send a code to your email or to your phone. Then, you have to use that code along with your ID and password, thus requiring a two-factor authentication in order to complete the login.
For agents, the first time you login on your computer, you will likely need a passcode that the Covered California website (or CALHEERS) will send to your phone or email. After that, likely you will only need your ID and password except on some possible rare occasions. However, whenever you use a device/IP address that is not recognized by the Obamacare / California Exchange website, then the system will require a passcode that it will send to your mobile phone or your email.
Agents who are submitting their cell phone information and getting their passcode are receiving the following email:
Identity Management Administrator
This is an automated message from the Covered California Identity Management Administrator. Please do not reply to this email.
Your One-Time Passcode has been generated.
One-Time Passcode: #####
Further instructions have been provided in the application. Please enter your One-Time Passcode in the application to confirm your identity.
Thank you, Covered California Identity Management Administrator
All these efforts are working together to make the Covered California website even more secure and to protect the Personally Identifiable Information of consumers.