Identity and Authentication in LabLynx LIMS Solutions

Consolidating aspects of your lab’s operations within a laboratory information management system (LIMS) improves your lab’s information security, in part by controlling access to client information and testing data. Access control is a two-stage process that consists of:

  1. Authentication: The verification of a user’s identity, and
  2. Authorization: The granting of limited access privileges within the system.

This blog post will discuss access control’s authentication stage and how to verify user identity in a LabLynx LIMS solution. For a deeper dive into the many ways a LIMS enhances laboratory security, download the Guide to Lab Security with a LIMS.

What are identity and authentication?

In network security, identity is a label a system uses to distinguish its users. The most common user identifiers include:

  • Employee numbers,
  • User names, and
  • Email addresses.

Giving users a unique identifier is not enough to keep your LIMS secure. Most identifiers are too easy to steal or guess. The system needs a way to verify the person requesting access is actually who they claim to be.

Authentication is a process for confirming users’ identities. When a user logs into a system, they enter their identifier. They also supply one or more authentication factors that let the system verify their identity. Authentication factors typically fall under the categories of knowledge, possession, and inherence.

Knowledge factors

Passwords, PINs, and other information you memorize can verify your identity. In theory, only you know that information, so only you can enter it into the login page. While knowledge factors are the most widely used form of authentication, they have significant drawbacks.

Secure passwords are complex and challenging to remember, but easily recalled passwords are also easy to guess. People often rotate passwords or use the same password across multiple accounts to make password management easier. Online databases of stolen passwords make it easy to compromise organizations that follow poor password security practices.

Possession factors

Identity cards, security keys, and other physical objects that users possess can also verify their identity. Companies verify a new employee’s identity during the onboarding process, so handing them a physical object links their identity to that object.

Although more difficult to steal at scale, possession factors are not perfect solutions. Implementing possession factors is more expensive since you must buy the objects and may need to install card readers. Companies must also invest in processes to deal with lost or stolen objects, as well as recover the objects when employees leave.

Inherence factors

Biometric technologies associate system identifiers with each user’s physical characteristics, such as their face, fingerprint, or voice. Inherently linking personal features to user identities is more secure than the other factors.

However, inherence factors have weaknesses of their own. Advanced hackers can spoof biometrics, and some biometrics may not work with all users. A common issue for laboratories is how masks and gloves make biometrics unusable.

Multi-factor authentication (MFA)

Combining two or more factors can compensate for each factor’s weaknesses. Banking apps, for example, combine a possession factor (your smartphone) with an inherence factor (a fingerprint or face scan) to verify your identity without a password.

Organizations often turn to identity and access management (IAM) systems to manage user authentication and deliver a single sign-on experience to their users. Besides the convenience of giving users one account for all work applications, IAM lets companies implement security protocols such as MFA and enhance other strong security practices.

Authentication with your LabLynx LIMS

LabLynx ELab LIMS software solutions give laboratories several authentication options. To keep things simple, you can use the LIMS software’s built-in password management capabilities. Your administrator can define password policies such as:

  • Minimum password length: Longer passwords are more difficult for hackers to crack through brute force attacks.
  • Password expiration periods: Requiring users to periodically reset their passwords can improve security by ensuring the LIMS locks dormant accounts.
  • Password reuse limits: Recycling passwords is poor security hygiene. Limiting reuse reduces the risk of old passwords allowing unauthorized access.
  • Maximum number of login attempts: Prevent brute force attacks by locking an account after sequential failed login attempts.
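
How the four policies above interact at password-set and login time, as an added Python example (not LabLynx code). The policy values, the function and field names, and the use of salted PBKDF2 digests for the password history are all assumptions made for illustration.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field
from datetime import datetime, timedelta

PBKDF2_ROUNDS = 200_000  # assumption for the demo; tune upward for production
@dataclass
class Policy:  # hypothetical values, not LabLynx defaults
    min_length: int = 12
    max_age: timedelta = timedelta(days=90)
    reuse_limit: int = 5      # how many previous passwords are remembered
    max_attempts: int = 5     # consecutive failures before lockout

@dataclass
class Account:
    history: list = field(default_factory=list)  # newest-first (salt, digest)
    changed_at: datetime = None
    failures: int = 0
    locked: bool = False

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def _matches(password, entry):
    salt, digest = entry
    return hmac.compare_digest(_digest(password, salt), digest)

def set_password(acct, password, policy, now):
    if len(password) < policy.min_length:
        return "too_short"
    # Reuse check: re-hash the candidate under each remembered salt.
    if any(_matches(password, e) for e in acct.history[:policy.reuse_limit]):
        return "reused"
    salt = os.urandom(16)
    acct.history.insert(0, (salt, _digest(password, salt)))
    del acct.history[policy.reuse_limit:]
    acct.changed_at, acct.failures, acct.locked = now, 0, False
    return "ok"

def login(acct, password, policy, now):
    if acct.locked:
        return "locked"
    if not acct.history or not _matches(password, acct.history[0]):
        acct.failures += 1
        acct.locked = acct.failures >= policy.max_attempts
        return "locked" if acct.locked else "denied"
    acct.failures = 0
    if now - acct.changed_at > policy.max_age:
        return "expired"  # caller must force a reset before granting access
    return "ok"
```

Once an account is locked, even the correct password is refused until `set_password` runs again, which models the reset step.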

LIMS administrators never see users’ passwords. When a new user first tries to log into the LIMS, the system will prompt them to create a new password. Users can request an automatic password reset should the LIMS lock their accounts due to password expiration or excessive login attempts. Alternatively, the administrator can toggle a password reset in the user’s profile.

Should hackers penetrate your organization’s network defenses, your LIMS passwords will remain secure. The LIMS password database is fully encrypted, as are all communications between the user’s browser and the LIMS.

Third-party access to LIMS data

Giving clients, the public, and other outside parties access to information in your LIMS can improve customer service. However, giving them direct access to the LIMS bypasses your security efforts. Web portals provide an acceptable compromise. Customers can securely interact with your lab’s LIMS without compromising your lab’s security.

LabLynx helps you enhance this experience further by enabling social login. People can use their Facebook, Google, or other social media account to authenticate their identities without having to create a password for your lab’s portal. Letting people authenticate through social logins also minimizes the amount of personally identifiable information your lab collects.

Advanced authentication with your LabLynx LIMS

LabLynx LIMS software supports Open Social, the W3C-managed standard for web-based authentication. Using the SAML protocol, Open Social lets your LabLynx ELab LIMS integrate with your local Windows Server authentication process or with your third-party IAM solution. During the implementation phase, LabLynx engineers can work with your IT department to configure and test this integration.

Authentication integration adds your LabLynx LIMS to your company’s single sign-on experience, giving your staff seamless access to your lab’s data and workflows. At the same time, your lab’s security posture improves by applying multi-factor authentication and other advanced security policies to control LIMS access.

Authentication is an essential first step toward securing the information in your laboratory’s LIMS. Download the Guide to Lab Security with a LIMS to learn how LIMS authentication fits into a laboratory’s security processes.

