Army Considers More Multi-Factor Authentication Measures

Army Considers More Multi-Factor Authentication Measures

The U.S. Army is working toward adding more authentication measures to provide more options to access Army online resources while maintaining information technology system security.

The U.S. Army is working toward adding more authentication measures to provide more options to access Army online resources while maintaining information technology system security.

Army CIO/G-6 officials are working with Program Executive Office Enterprise Information Systems (PEO EIS) on alternatives to the Army’s current multi-factor authentication process (MFA). MFA requires users to present at least two points of verification across three categories—something you know, something you have, and something you are—to prove their identity, officials said.

"The commercial industry has seen that there's a greater need for protection, making sure the right people are accessing the right accounts," said Thaddeus Underwood, Identity Management and Communications Security division chief. "It makes sense that the Army is moving in the same direction. We are better protecting access to our IT networks to improve our cybersecurity posture by replacing username and password logins across the Army with MFA-secured options."

Currently, Army MFA measures require soldiers to use their Common Access Card (CAC) and personal id number to log into a government computer system, according to Underwood. However, because some of the Army currently serves in the Reserve or National Guard, not all soldiers have consistent access to government computer systems.

"You've got Reserve and National Guard members who only come to a government facility on the weekend for their drill training," Underwood said. "If there is online training that they need to do … they could potentially do that from home if they have a CAC and CAC reader," he said. "How do we provide them that level of access without having to use a CAC?"

The Army is currently considering two MFA alternatives: a mobile device app that allows for authentication, and a pre-registered USB-type device known as a Yubikey, Underwood said.

An authentication-type app would allow soldiers to access official sites without needing to use their CAC and reader. Theoretically, soldiers would download the app to their smartphone and register their phone online to link it to their Army identity, according to Underwood.

Once the app is registered, soldiers would log into official Army websites with their username and password, and the site would trigger a MFA process, sending a one-time-use passcode to their registered app. The soldier would then enter that passcode into the website and be authenticated for its use, able to access personnel records, online training and other resources without needing a CAC-enabled computer.

"We are at the final stages of developing the requirements. Next, we are going to ask commercial vendors to provide solution options," Underwood said. "We expect to have an initial-app prototype by this fall."

In addition to the app in development, PEO EIS is providing Yubikeys as an alternative method of MFA. A Yubikey is a registered USB-type device that can be inserted into a computers USB port, serving as a second form of authentication after the user logs into an official website, Uderwood said.

"The Yubikey solves the problem of not having a CAC and reader, but it doesn't solve needing a physical piece of equipment," Underwood said. "This device will probably be a better solution for some of our mission partners such as the American Red Cross, and first responders that act when an incident happens … and don't have a CAC to get access to our resources.”

Underwood said Yubikeys are currently undergoing integration testing by PEO EIS.

"Anytime you have new technology, you want to introduce it to existing technology and make sure that it will work," he said. "We expect user testing and field testing to begin in May."

About the Author

Jessica Davis is the Associate Content Editor for 1105 Media.

Featured

Featured Cybersecurity

Webinars

New Products

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3