Employee Networking

Accessing an Internet website typically requires the visitor to register for an account and obtain a UserID and password. That UserID and password combination are then used to access the site in the future. This process is performed for every web site the visitor wants to have an ongoing relationship with. Passwords are widely recognized as an insecure authentication technology: they present significant risks and operational issues to both their owner and, if they are used for business purposes, to the company they are used on behalf of. Below are some of the issues associated with passwords:

  • Because passwords are ‘something you know’ and are meant to be easily remembered, they can easily be stolen through phishing, Business Email Compromise (BEC), ‘shoulder surfing’, etc.
  • When passwords are stolen, the underlying accounts at the service providers can be hijacked and taken over by a malicious 3rd party. The owner of the account, the individual for retail accounts and the company for business accounts, is ultimately responsible for all activities performed by their hijacked accounts.
  • Passwords are also subject to misuse by their owners, particularly in a business environment.
  • Passwords from service providers are typically issued to employees of a corporation and NOT to the employer. Because these passwords are issued to the employee, when an employee leaves the organization, it is difficult for the employer to identify and disable all those external services. If services are not disabled, the employee may continue to use those services after their employment has ended. Unfortunately, there are many examples of this happening.

    To address these issues, Pseudo-NYMSM provides secure, reusable NYMSMs to employees of our corporate clients that replace passwords used at service providers that participate in our service. Just like corporate credit cards, NYMSMs are issued to employees when they join an organization and disabled when they leave. Also, a single NYMSM can replace passwords at multiple service providers and activities performed by employees can be monitored by their employer.

    For employees, our service decreases the risk of phishing, account takeover and password proliferation. For employers, our service decreases the operational risk of using outside service providers; employee activities can be monitored and credentials can be disabled centrally by the company after an employee leaves the firm or reports a ‘card’ has been lost or stolen. Service providers benefit by eliminating insecure passwords, account sharing and license theft as well as account takeover. Other benefits to providers include automated provisioning and deprovisioning of employee accounts of corporate clients.