FB pixel

Federal agencies slow to adopt two factor authentication, says White House annual report

Categories Access Control  |  Biometrics News
 

The majority of Federal employees are able to access Federal computer systems with nothing more than a username and password, despite President George W. Bush ordering Federal agencies to secure their information systems with strong authentication technologies more than a decade ago, according to a report by Govtech Works.

Only half of the largest Federal agencies — including General Services Administration (GSA), the Labor and Treasury departments, the Small Business Administration (SBA), National Science Foundation (NSF), and the Nuclear Regulatory Commission (NRC) — have deployed strong authentication methods across 95 percent of privileged users, according to the White House annual report to Congress on the Federal Information Security Management Act (FISMA).

President George W. Bush initially signed the Homeland Security Presidential Directive 12 in 2004, which mandated a national standard for secure government identification cards.

In 2006, the National Institute for Standards and Technology (NIST) published Federal Information Processing Standard 201, “Personal Identity Verification of Federal Employees and Contractors,” and has since revised the standards on two separate occasions.

There are currently more than 5.3 million Federal government Personal Identity Verification (PIV) cards in circulation, while the Defense Department offers a similar smart card program called Common Access Cards (CAC).

Both cards are integrated with a computer chip which stores identifying data that is fully encrypted.

The Pentagon has already achieved universal CAC compliance. Meanwhile, most Federal agencies are using the PIV card as an ID and card key for building access, but not yet as a network control device.

Hildegard Ferraiolo, PIV program lead and a computer scientist at NIST, said that while she is disappointed that agencies are not using the cards as a network control device, the Office of Personnel Management’s massive security breach last spring has encouraged many agencies to actively use the cards.

“Due to the recent cybersecurity attacks and threats, there really is a push to get the departments and agencies to use the PIV card to do user authentication,” said Ferraiolo.

OPM aims to secure its systems via two-factor authentication, with a goal to ensure that 100 percent of its PIV-enabled users are using multifactor authentication by the end of 2017.

Agency officials are also looking into other two-step authentication solutions for part-time users and subcontractors.

There are three main reasons why Federal agencies have been slow to adopt two factor authentication systems, including a need to update outdated infrastructure, the use of mobile devices, and a high job turnover and part-time workers, resulting in many employees not being eligible for a PIV card.

Increasing the adoption rate could be a matter of instilling in non-IT managers the importance of two-factor authentication to improve security, according to the White House annual report to Congress on FISMA.

Previously reported, a Department of Homeland Security official said federal personnel will soon be required to use a three-factor authentication method that includes a smartcard, a password and their fingerprints before logging onto computers.

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News

 

Biometrics connecting ID and payments through digital wallets, apps and passkeys

Biometrics are connecting with payment credentials, whether through numberless credit cards and banking apps or passkeys, as the concrete steps…

 

Reach of Musk, DOGE’s federal data access sets off privacy, security alarms

Led by tech billionaire Elon Musk and a shadowy team believed to be under his control, the United States DOGE…

 

Mobile driver’s licenses on the cusp of ‘major paradigm shift’

More entities have integrated the California mobile driver’s license (mDL) credential for identity verification. Although just 15 states have introduced…

 

Gesture-based age estimation tool BorderAge joins Australia age assurance trial

Australia’s age assurance technology trial is testing the new biometric tool that performs age estimation based on hand gestures. The…

 

European AI compliance project CERTAIN launches

The pan-European project to create AI compliance tools CERTAIN has kicked off its work, with the goal of making European…

 

Signaturit Group acquiring Validated ID for undisclosed sum

Spain-based digital identity and electronic signature provider Validated ID is being acquired by Signaturit Group, a European company offering identity…

Comments

17 Replies to “Federal agencies slow to adopt two factor authentication, says White House annual report”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events