Authentication: Changes Coming In a YearUsing Same Credentials to Access Different Gov't Services
The U.S. government could be a year away from enabling citizens to use the same two-factor authentication credentials to get services from multiple departments and agencies, says Jeremy Grant, who oversees the National Strategy for Trusted Identities in Cyberspace. NSTIC, in part, is an effort to phase out the use of passwords for authentication to improve security.
"We're getting really close to launching a new service that would basically enable citizens to have a single credential ... that they can use to log in to different government sites for new online services," Grant says in part two of an interview with Information Security Media Group.
Grant, a senior executive adviser at the National Institute of Standards and Technology who's the government's point man on NSTIC offers an example of how this could work. A veteran could use the same credential to access the My HealtheVet portal to manage Department of Veterans Affairs benefits and to renew a passport with the State Department."You'll see more and more solutions where people are using stronger credentials and passwords and they use them interoperably across sites," Grant says.
In part two of the interview, Grant discusses:
- The successes and failures of pilot projects the government funded two years ago aimed at helping develop standards for more secure, user-friendly ways to authenticate users online;
- What the government hopes to learn from new pilot projects the government funded last month; and
- How pervasive two-factor authentication will become within two years.
In part one of the interview, Grant discussed technologies that could replace the password, saying the development of these solutions are "nearing a tipping point" but remain several years off (see The Slow Path to Password Replacement).
Grant began his career as a Senate aide, where he helped draft the legislation that laid the groundwork for the Department of Defense and General Services Administration smart card and PKI efforts. Afterward, he worked at the government services firm Maximus as head of its security and identity management practice and Washington Research Group as an identity and cybersecurity market analyst. Before joining NIST, Grant served as chief development officer for the consultancy ASI Government.