two-factor authentication


Two-factor authentication in two weeks

In the cybersecurity sprint that followed the Office of Personnel Management data breaches last year, civilian agencies across the government increased their use of personal identity verification cards to 83 percent. However, that initiative did not address how authorized users who did not have a PIV card could securely access government data.

Dig IT Award Finalists

The GCN Dig IT Awards celebrate discovery and innovation in government IT.

There are 36 finalists this year. Each will be profiled in the coming days, and the winners for each category will be announced at the Oct. 13 Dig IT Awards gala.

See the full list of 2016 Dig IT Award Finalists

At the Department of Health and Human Services, tens of thousands of grantees worldwide were checking the status of their government grants by signing into the website with just a username and password. Determined to come up with a more secure yet cost-effective solution, Director of Application Development Paul Hasz and his team built an open-source two-factor authentication solution that protects public- and private-sector grantees and the numerous financial systems that connect to

The solution works by first asking for the user's registered username and password. It then generates a one-time, unique code that it delivers to the user via a smartphone authentication app, text message or voice message -- a definite improvement over the previous login process, according to Hasz.

What he said is most innovative about the solution, however, is the way existing components and code developed in-house were combined to create a solution. And it’s one that other government websites can use as well. By providing design documents, code and help files, the team can assist other agencies in deploying a two-factor authentication solution in as little as two weeks without incurring significant cost.

In fact, the entire package has already been provided to three additional government partners, two of which are already in production.

About the Author

Suzette Lohmeyer is a freelance writer based in Arlington, Va.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected