New user access security, why the change?

August 05, 2019Charl Laas

Practitioners accessing the EyeSpace Online system recently noted a change in the user access security system now requiring email authentication.

Many have asked us why the change?

Over the last number of years, the potential for online privacy breaches has grown significantly. In response to these threats, many countries have ramped up their data privacy policies. Moving towards compliance with these new laws, EyeSpace is tasked with the difficult job of enforcing security best practices which many practitioners have likely not come across before.

Passwords are one of the most significant weaknesses in a modern information system. Password requirements, such as imposing a minimum number of characters, encourage users to reuse passwords across different accounts, which creates another set of problems both for the provider and the practitioner.

Removing password-based access in favor of email authentication, at least for now, has allowed us to significantly increase security without maintaining a complicated system subject to compliance issues.

User access procedure

Navigate to the eyespacelenses.com website.

  1. Select the 'Practitioner' menu option
  2. Select the 'Log In' dropdown menu.

Enter e-mail

A new window will open requesting your email address.

  1. Enter the email address you registered with EyeSpace.2. Click the 'Submit' button.

Mail inbox

You will receive a once-off time-limited code sent to you via email:

Enter Code

To complete the login process:

  1. Enter the code.
  2. Click Submit.You will remain logged in to EyeSpace Online as long as you keep the browser window open.

Chrome Users

Chrome users can change the browser settings to keep the session active even after closing the window. With this option activated, it is highly recommended to log out of Chrome at the end of your work session.

References

Benjamin Edwards, Steven Hofmeyr, Stephanie Forrest, Hype and heavy tails: A closer look at data breaches, Journal of Cybersecurity, Volume 2, Issue 1, December 2016, Pages 3–14, https://doi.org/10.1093/cybsec/tyw003

“...a password, and all the accounts it provides access to, can be no more secure than the weakest system using that password.” Ives, Blake & Walsh, Kenneth & Schneider, Helmut. (2004). The Domino Effect of Password Reuse. Communications of the ACM. 47. 75-78. 10.1145/975817.975820.