Army Considers More Multi-Factor Authentication Measures

Army Considers More Multi-Factor Authentication Measures

The U.S. Army is working toward adding more authentication measures to provide more options to access Army online resources while maintaining information technology system security.

The U.S. Army is working toward adding more authentication measures to provide more options to access Army online resources while maintaining information technology system security.

Army CIO/G-6 officials are working with Program Executive Office Enterprise Information Systems (PEO EIS) on alternatives to the Army’s current multi-factor authentication process (MFA). MFA requires users to present at least two points of verification across three categories—something you know, something you have, and something you are—to prove their identity, officials said.

"The commercial industry has seen that there's a greater need for protection, making sure the right people are accessing the right accounts," said Thaddeus Underwood, Identity Management and Communications Security division chief. "It makes sense that the Army is moving in the same direction. We are better protecting access to our IT networks to improve our cybersecurity posture by replacing username and password logins across the Army with MFA-secured options."

Currently, Army MFA measures require soldiers to use their Common Access Card (CAC) and personal id number to log into a government computer system, according to Underwood. However, because some of the Army currently serves in the Reserve or National Guard, not all soldiers have consistent access to government computer systems.

"You've got Reserve and National Guard members who only come to a government facility on the weekend for their drill training," Underwood said. "If there is online training that they need to do … they could potentially do that from home if they have a CAC and CAC reader," he said. "How do we provide them that level of access without having to use a CAC?"

The Army is currently considering two MFA alternatives: a mobile device app that allows for authentication, and a pre-registered USB-type device known as a Yubikey, Underwood said.

An authentication-type app would allow soldiers to access official sites without needing to use their CAC and reader. Theoretically, soldiers would download the app to their smartphone and register their phone online to link it to their Army identity, according to Underwood.

Once the app is registered, soldiers would log into official Army websites with their username and password, and the site would trigger a MFA process, sending a one-time-use passcode to their registered app. The soldier would then enter that passcode into the website and be authenticated for its use, able to access personnel records, online training and other resources without needing a CAC-enabled computer.

"We are at the final stages of developing the requirements. Next, we are going to ask commercial vendors to provide solution options," Underwood said. "We expect to have an initial-app prototype by this fall."

In addition to the app in development, PEO EIS is providing Yubikeys as an alternative method of MFA. A Yubikey is a registered USB-type device that can be inserted into a computers USB port, serving as a second form of authentication after the user logs into an official website, Uderwood said.

"The Yubikey solves the problem of not having a CAC and reader, but it doesn't solve needing a physical piece of equipment," Underwood said. "This device will probably be a better solution for some of our mission partners such as the American Red Cross, and first responders that act when an incident happens … and don't have a CAC to get access to our resources.”

Underwood said Yubikeys are currently undergoing integration testing by PEO EIS.

"Anytime you have new technology, you want to introduce it to existing technology and make sure that it will work," he said. "We expect user testing and field testing to begin in May."

About the Author

Jessica Davis is the Associate Content Editor for 1105 Media.

Featured

  • Facing Facts for Facilities

    Despite the proliferation of constantly evolving security solutions, there remains a troubling trend among many facility operators who often neglect the most important security assets within their organization. Keys and shared devices like radios, laptops and tablets are crucial to successful operations, yet many operators are managing them haphazardly through outdated storage systems like pegboards and notebooks. Read Now

  • Report Reveals Security Training Reduces Global Phishing Click Rates by 86%

    KnowBe4, the cybersecurity platform that comprehensively addresses human risk management, today launched its “Phishing by Industry Benchmarking Report 2025” which measures an organization’s Phish-prone Percentage (PPP) — the percentage of employees likely to fall for social engineering or phishing attacks, indicating the organization’s overall susceptibility to phishing threats. This year’s report found a global average baseline PPP of 33.1%, meaning a third of employees interact with phishing simulations before taking part in best-practice security awareness training (SAT).COVER 2025-PIB-NA-Report_EN-US Read Now

  • TSA Begins REAL ID Full Enforcement Today

    Today, the Transportation Security Administration (TSA) announced the imminent implementation of its REAL ID enforcement measures at TSA checkpoints nationwide. Read Now

  • Body-Worn Cameras on the Rise

    On the evening of Oct. 29, 2024, the owner of 300 Guard based in Houston, was shot while on duty at a convenience store. He returned fire. He was wearing a plated vest and thankfully recovered in the hospital. Read Now

  • Brazil Port Enhances Surveillance and Supports Wildlife Conservation with Sustainable Technology

    Ferroport, which operates the iron ore terminal at the Port of Açu in São João da Barra, Rio de Janeiro, Brazil, has deployed state-of-the-art video surveillance cameras from Axis Communications to enhance nighttime security and visibility, while decreasing environmental impact and prioritizing sustainability. With cutting-edge technology, the port now has precise surveillance cameras that capture high-quality nighttime images, while reducing the amount of artificial lighting that negatively impacts the surrounding ecosystem. Read Now

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.