DIG IT AWARD FINALIST: CYBERSECURITY
Two-factor authentication in two weeks
By Suzette Lohmeyer
Sep 22, 2016
In the cybersecurity sprint that followed the Office of Personnel Management data breaches last year, civilian agencies across the government increased their use of personal identity verification cards to 83 percent. However, that initiative did not address how authorized users who did not have a PIV card could securely access government data.
At the Department of Health and Human Services, tens of thousands of grantees worldwide were checking the status of their government grants by signing into the GrantSolutions.gov website with just a username and password. Determined to come up with a more secure yet cost-effective solution, Director of Application Development Paul Hasz and his team built an open-source two-factor authentication solution that protects public- and private-sector grantees and the numerous financial systems that connect to GrantSolutions.gov.
The solution works by first asking for the user's registered username and password. It then generates a one-time, unique code that it delivers to the user via a smartphone authentication app, text message or voice message -- a definite improvement over the previous login process, according to Hasz.
What Hasz said is most innovative, however, is the way existing components and code developed in-house were combined to create the solution. And it’s one that other government websites can use as well. By providing design documents, code and help files, the team can assist other agencies in deploying a two-factor authentication solution in as little as two weeks without incurring significant cost.
In fact, the entire package has already been provided to three additional government partners, two of which are already in production.
Suzette Lohmeyer is a freelance writer based in Arlington, Va.