There are two methods by which an authentication gateway tool like Practice Protect can consolidate access.
The first, and most secure, is SAML, which integrates an application with Practice Protect at the technical level to create a single sign-on environment. This is the most secure way of protecting and consolidating access to applications, and most accounting apps either have SAML integration or are busy building it. To learn a bit more about SAML and its relevance to accountants, visit this article.
The second method of protecting an app is called “password capture”: a person manually resets the app’s password to something non-memorable and enters that password into the back end of Practice Protect. In this scenario, Practice Protect pastes the password into the webpage via its browser extension. If a password management tool like LastPass also has its browser extension installed, then depending on the configuration it may be able to capture the password that Practice Protect pastes.
This is a vulnerability in browser password management technology and all password managers and authentication gateways are susceptible to it.
Here’s what you can do:
- Move your apps to the SAML authentication method. We can do this for you if you let our customer success team know by logging a ticket here.
- Disable the installation of non-company password management browser extensions. Your IT provider should be able to do this for you via group policy. Alternatively, we can refer you to www.freshmethod.com.au, an IT company that works exclusively for accountants and is expert at cloud security.
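As an added illustration of the second option (not Practice Protect's own tooling), this PowerShell sketch applies a default-deny extension policy on a single Windows machine: every extension is blocked and only approved IDs are allowed. It assumes the browsers in use are Chrome and Edge, and `<APPROVED_EXTENSION_ID>` is a placeholder for the ID of each company-approved extension.

```powershell
# Added example: default-deny browser extension policy (machine-wide).
# Run from an elevated PowerShell session; for a domain, deploy the same
# values through a GPO instead of writing the registry directly.

# Placeholder: replace with the 32-character ID of each company-approved
# extension (shown on the browser's extensions page in developer mode).
$ApprovedIds = @('<APPROVED_EXTENSION_ID>')

# Policy roots for the two browsers assumed here.
$PolicyRoots = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome',
    'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
)

function Set-PolicyList {
    param([string]$Key, [string[]]$Values)
    # Recreate the key so stale entries from an older policy do not linger.
    if (Test-Path $Key) { Remove-Item -Path $Key -Recurse -Force }
    New-Item -Path $Key -Force | Out-Null
    $i = 1
    foreach ($v in $Values) {
        # List policies are stored as string values named 1, 2, 3, ...
        New-ItemProperty -Path $Key -Name "$i" -Value $v -PropertyType String -Force | Out-Null
        $i++
    }
}

foreach ($root in $PolicyRoots) {
    # Block every extension by default ...
    Set-PolicyList -Key "$root\ExtensionInstallBlocklist" -Values @('*')
    # ... then allow only the approved IDs, which override the wildcard block.
    Set-PolicyList -Key "$root\ExtensionInstallAllowlist" -Values $ApprovedIds

    # Read the values back so the result is visible in the console.
    foreach ($list in 'ExtensionInstallBlocklist', 'ExtensionInstallAllowlist') {
        $props = Get-ItemProperty -Path "$root\$list"
        $props.PSObject.Properties |
            Where-Object { $_.Name -match '^\d+$' } |
            ForEach-Object { '{0}\{1} [{2}] = {3}' -f $root, $list, $_.Name, $_.Value }
    }
}
```

After the browser restarts, `chrome://policy` and `edge://policy` should list both policies as applied.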
Until SAML is fully rolled out in the accounting industry, the workaround isn’t perfect. Unfortunately, web browsers are in a war for market share, and their commercial incentive is to err on the side of convenience at the cost of security. All password management tools and authentication gateways are at the mercy of this scenario. At Practice Protect we’re super excited about the uptake of SAML by industry app vendors, and we’re confident that next year this will be a problem of the past.