FB pixel

Expect three factor authentication to be implemented following OPM hack


A Department of Homeland Security official said federal personnel will soon be required to use a three-factor authentication method that includes a smartcard, a password and their fingerprints before logging on to computers, according to a report by Nextgov.

The decision to enforce the government-wide, three-factor authentication sign-on is designed to boost government agency security measures, following the successful hacking of the Office of Personnel Management by foreign spies.

“Several organizations are looking at three-factor authentication,” said Shonnie Lyon, acting director of the DHS Office of Biometric Identity Management. “I think that’s the way things are going to have to go.”

Sixteen of the 24 major federal departments, including OPM, can log into government systems with just a username and password, according a recent report on compliance with the Federal Information Security Management Act.

The proposed three-factor sign-in procedure would require federal workers to slide in a smartcard that contains a digitized fingerprint, swipe a finger against a touchpad, and enter a PIN to access any government network.

The new procedure offers more privacy than a setup in which the computer user’s fingerprint is crosschecked against prints stored in a big biometrics database, said Lyon.

Homeland Security Presidential Directive-12 (HSPD-12), a post-9/11 policy, requires federal employees to use a smartcard and PIN to access all agency networks and facilities.

And while many federal employees carry personal identity verification (PIV) cards, only a few departments have activated the card’s digital capabilities, meaning that the card serves as nothing more than a flash pass.

“Whether or not private citizens are going to want to have a PIV-type card” is questionable, Lyon said during the event. “But for OPM or any kind of government action, I think that you are going to see more and more organizations start going to three-factor authentication, so that they know who is in their network, who is logging in and you have the rights and the privilege to do that.”

Meanwhile, the Defense Researcher Advanced Projects Agency “is actually looking at using biometrics — but not biometrics like face, print and iris — active authentication like keystrokes and mouse movement,” Defense Department biometrics chief engineer Will Graves said at a forum hosted by the American Council for Technology and Industry Advisory Council.

Article Topics

 |   |   |   |   | 

Latest Biometrics News


DHS reinterprets foreign worker fees to fund biometric border system

The U.S. Department of Homeland Security has proposed a way to fund its Biometric Entry-Exit program by changing the fee…


NIST adds flexibility, digital format to security requirements for federal contractors

The U.S. National Institute of Standards and Technology has updated its guidance for how businesses working with the federal government…


Cryptomathic is Belgium’s digital wallet mobile app security provider

Tech from Cryptomathic has been deployed in Belgium’s digital identity wallet, one of the first to go live in the…


Bringing ethics into the discussion on digital identity

A panel at EIC 2024 addresses head-on a topic that lurks around the edges of many discussions of digital ID….


Kantara Initiative launches group devoted to deepfake injection attack threats

“It’s probably not as bad as this makes it seem,” says Andrew Hughes, VP of global standards for FaceTec and…


Seamfix CEO makes case for digital ID as unlocker of Africa’s growth potential

The co-founder and Chief Executive Officer of Seamfix, Chimezie Emewulu, has posited that digital identity and related services have the…


14 Replies to “Expect three factor authentication to be implemented following OPM hack”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events