two-factor authentication

DIG IT AWARD FINALIST: CYBERSECURITY

Two-factor authentication in two weeks

In the cybersecurity sprint that followed the Office of Personnel Management data breaches last year, civilian agencies across the government increased their use of personal identity verification cards to 83 percent. However, that initiative did not address how authorized users who did not have a PIV card could securely access government data.

Dig IT Award Finalists

The GCN Dig IT Awards celebrate discovery and innovation in government IT.

There are 36 finalists this year. Each will be profiled in the coming days, and the winners for each category will be announced at the Oct. 13 Dig IT Awards gala.

See the full list of 2016 Dig IT Award Finalists

At the Department of Health and Human Services, tens of thousands of grantees worldwide were checking the status of their government grants by signing into the GrantSolutions.gov website with just a username and password. Determined to come up with a more secure yet cost-effective solution, Director of Application Development Paul Hasz and his team built an open-source two-factor authentication solution that protects public- and private-sector grantees and the numerous financial systems that connect to GrantSolutions.gov.

The solution works by first asking for the user's registered username and password. It then generates a one-time, unique code that it delivers to the user via a smartphone authentication app, text message or voice message -- a definite improvement over the previous login process, according to Hasz.

What he said is most innovative about the solution, however, is the way existing components and code developed in-house were combined to create a solution. And it’s one that other government websites can use as well. By providing design documents, code and help files, the team can assist other agencies in deploying a two-factor authentication solution in as little as two weeks without incurring significant cost.

In fact, the entire package has already been provided to three additional government partners, two of which are already in production.

About the Author

Suzette Lohmeyer is a freelance writer based in Arlington, Va.

inside gcn

  • Pushing cybersecurity for counties

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group