FB pixel

Federal agencies slow to adopt two factor authentication, says White House annual report

Categories Access Control  |  Biometrics News

The majority of Federal employees are able to access Federal computer systems with nothing more than a username and password, despite President George W. Bush ordering Federal agencies to secure their information systems with strong authentication technologies more than a decade ago, according to a report by Govtech Works.

Only half of the largest Federal agencies — including General Services Administration (GSA), the Labor and Treasury departments, the Small Business Administration (SBA), National Science Foundation (NSF), and the Nuclear Regulatory Commission (NRC) — have deployed strong authentication methods across 95 percent of privileged users, according to the White House annual report to Congress on the Federal Information Security Management Act (FISMA).

President George W. Bush initially signed the Homeland Security Presidential Directive 12 in 2004, which mandated a national standard for secure government identification cards.

In 2006, the National Institute for Standards and Technology (NIST) published Federal Information Processing Standard 201, “Personal Identity Verification of Federal Employees and Contractors,” and has since revised the standards on two separate occasions.

There are currently more than 5.3 million Federal government Personal Identity Verification (PIV) cards in circulation, while the Defense Department offers a similar smart card program called Common Access Cards (CAC).

Both cards are integrated with a computer chip which stores identifying data that is fully encrypted.

The Pentagon has already achieved universal CAC compliance. Meanwhile, most Federal agencies are using the PIV card as an ID and card key for building access, but not yet as a network control device.

Hildegard Ferraiolo, PIV program lead and a computer scientist at NIST, said that while she is disappointed that agencies are not using the cards as a network control device, the Office of Personnel Management’s massive security breach last spring has encouraged many agencies to actively use the cards.

“Due to the recent cybersecurity attacks and threats, there really is a push to get the departments and agencies to use the PIV card to do user authentication,” said Ferraiolo.

OPM aims to secure its systems via two-factor authentication, with a goal to ensure that 100 percent of its PIV-enabled users are using multifactor authentication by the end of 2017.

Agency officials are also looking into other two-step authentication solutions for part-time users and subcontractors.

There are three main reasons why Federal agencies have been slow to adopt two factor authentication systems, including a need to update outdated infrastructure, the use of mobile devices, and a high job turnover and part-time workers, resulting in many employees not being eligible for a PIV card.

Increasing the adoption rate could be a matter of instilling in non-IT managers the importance of two-factor authentication to improve security, according to the White House annual report to Congress on FISMA.

Previously reported, a Department of Homeland Security official said federal personnel will soon be required to use a three-factor authentication method that includes a smartcard, a password and their fingerprints before logging onto computers.

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News


Cybercrime and identity fraud: an Olympic challenge

By Grigory Yusupov, Regional Director UK and Rest of the World (ROW) at IDnow The Paris 2024 Olympics is set…


IDV providers respond to growing consumer demand for stronger fraud prevention

A range of digital identity and financial fraud prevention capabilities and solution updates have been released just as Veriff issues…


Biometrics developers dance with data privacy regulations continues

Biometrics controversy and investments are often found side by side, as seen in many of this week’s top stories on…


EU AI Act should revise its risk-based approach: Report

Another voice has joined the chorus criticizing the European Union’s Artificial Intelligence Act, this time arguing that important provisions of…


Swiss e-ID resists rushing trust infrastructure

Switzerland is debating on how to proceed with the technical implementation of its national digital identity as the 2026 deadline…


Former Jumio exec joins digital ID web 3.0 project

Move over Worldcoin, there’s a new kid on the block vying for the attention of the digital identity industry and…


17 Replies to “Federal agencies slow to adopt two factor authentication, says White House annual report”

Leave a Reply to AuthenticAIDCancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events