Case Study: BlueCross BlueShield of North Carolina's Journey from Passwords to Passwordless

Bart Allan

February 3, 2022

Since 1933, BlueCross BlueShield of North Carolina (BlueCross NC) has had one mission: Make healthcare better for all of North Carolina. This insurance leader employs almost 5,000 North Carolinians who serve nearly 4 million members. From customer support to patient payment portals to sales to mobile account access, technology touches every part of the health insurance journey. So when BlueCross NC end users, including insurance agents and account managers, were facing password problems, it needed to be resolved quickly.  

Managing passwords is a frustrating pain point for many organizations.

With password reset calls to the help desk growing exponentially, BlueCross NC knew it was time to explore its password management options. It sought a new SaaS solution to meet health care and security compliance requirements.

BlueCross NC was beginning to build its own IT team. Improving password management was an early priority to allow its team to focus more on the business and less on operations. End user frustrations with frequent lockouts and the inability to reset their own passwords was just one of the problems they were looking to solve.

Mobile reset capabilities, self-service synch and reset, strong integration capabilities with non-single sign-on (SSO) applications, and supporting a legacy environment were also necessities to reduce the burden on the service desk.

BlueCross NC needed the agility to improve scalability and ensure upgrades were completed promptly. This was essential to avoid falling into the costly trap of falling behind in the IT refresh cycle - something the team had struggled with.


The Solution

The right approach to meet these requirements quickly became clear. Because of its legacy solution from Bravura Security, the company was shortlisted and rose to the top with its position as a leader in cybersecurity, SaaS, mobile support and extensive integrations.

BlueCross NC's Senior IT Design Engineer Phillip Boyd recalls, "Bravura Security environments outperformed what we could do internally, especially with built-in redundancy." An official selection process determined Bravura Pass, ranked 4.2 out of 5 in Password Management Tools on Gartner Peer Review Insights, was the best.

"We wanted to be more nimble and secure with more redundancy. We knew a SaaS implementation was the best way to achieve that."

Mitchell Weiner, Director Enterprise Computing

As deployment began, BlueCross NC was also updating its security policies to require more complex passwords to protect the environment, driving up the number of calls to the service desk, further illustrating the importance of this new implementation. "We wanted to be more nimble and secure with more redundancy. We knew a SaaS implementation was the best way to achieve that," said Mitchell Weiner, Director Enterprise Computing.

Introducing a SaaS solution empowered BlueCross NC to more easily keep its technology current with upgrades included, ensure the application was always on, and provide immediate and proactive support response to any issues. Plus with the infrastructure and application both managed by the Bravura Security team acting as an extension of their own, BlueCross NC could focus its attention on streamlining and strengthening processes.

To ensure success, the rollout of this new cloud solution was broken down into two phases: user acceptance testing (UAT), and production.

During the first phase, the IT team worked closely with a select group of end users to test and iron out any wrinkles before rolling out to the larger user base. That included working with users to ensure they could:

  • Log into applications
  • Change passwords
  • Use their mobile device to change or unlock accounts

After six weeks of UAT, Bravura Security, and BlueCross NC were ready to work on the full implementation of PasswordPlus, the new internal name for the Bravura Pass solution. Production included a few weeks of final refinements before the big push.

An equally critical piece of this deployment was an education to two key audiences, end users, and the tier-one help desk. The effort, led by the BlueCross NC marketing and communications team, aimed not only to ensure end users and the help desk could use this new tool effectively but also aimed to create excitement.

The communications campaign included educational resources ranging from articles to slideshows, and instant chat messages to emails. They held an unveiling event complete with fun prizes. The new service desk message included a self-service option and provided follow-up calls from the service desk to get users registered to use PasswordPlus. The IT team also offered open office hours to welcome end-user drop-ins for questions or to see an overview of capabilities and functionality.


The Outcome

Bravura Pass was officially launched in February of 2021 with 10,000 end-user licenses. As of March 2023 password-related calls to the service desk have dropped by 80%, and 78% of end users are enrolled to use the service.

The impact of the Bravura Pass SaaS implementation was seen very quickly, according to Weiner. "We began to see improvements almost immediately, and the results have been incredible. PasswordPlus registration has increased at almost the same ratio as calls the service desk have dropped."

Key successes following the implementation include:

  • Hands-off management with no server patching or application issues; tickets are promptly addressed by Bravura Security
  • Self-service capability for end-users to reset passwords in one place on four disparate apps
  • Email reminders to give end users an extra nudge on required password updates
  • The smooth setup of mobile access

Critical to achieving these incredible results was a strong working relationship between the two companies. "The Bravura Security engineers were a true extension of our team. Quick communication and flexibility were essential to success, and they delivered both time and time again. Their willingness to meet with our team to answer and address questions made all the difference, " said Phillip Boyd, Senior IT Design Engineer.

"The Bravura Security engineers were a true extension of our team. Quick communication and flexibility was essential to success and they delivered on both time and time again. Their willingness to meet with our team to answer and address questions made all the difference."

Phillip Boyd, Senior IT Design Engineer

The Future

The team is now focused on further decreasing the risk in its identity program amid an increase in industry attacks.

The next phase includes another communications campaign to close the gap on the 22% of end users who have yet to enroll. The team is also increasing the number of onboarded systems to widen its coverage. ​

With self-service password management successfully adopted, next up is self-service password vaulting for end users to store all different passwords and secrets in encrypted digital vaults that they secure with a master password.


Go Passwordless 90-Day Free Trial

Combine Employee Password Vault with True Passwordless MFA

While many organizations have internal solid password managers combined with Single Sign-On (SSO) features,  it doesn't manage passwords and secrets outside their identity and access management or privileged access management solutions.  

Increase protection for your organization by giving employees the frictionless security experience they expect and the security you need. Combine zero-knowledge enterprise password manager Bravura Safe, with the first true passwordless multi-factor authenticator, Bravura OneAuth. 
  • Quickly secure shared secrets and decentralized passwords with a consumer-grade app built for enterprise needs
  • Complement your core password manager you already use
  • Quickly and easily deploy with a user group of your choice
  • Unlike LastPass, Bravura Safe is built on open-source code with zero trust principals
  • Make authentication as quick as unlocking a phone with a fingerprint or face recognition biometric
  • Trust a FIDO-certified authenticator

Protect your secrets and your organization against two widespread cyberattacks, phishing, and brute-force attacks.