Like most or many federal employees I have an ID card, technically known as an HSPD 12 badge. It looks just like this, only with a much more attractive picture. See that little gold thing towards the bottom? When I insert that into my laptop it sends a signal to initiate the authentication process. When I type in my pin or password it completes that process and allows me access to the LAN, network resources, the Intranet, email etc.
It is good because it is easy and secure. It is more secure than a really hard password simply because it has 2- factors, something you have and something you know. The thing you have is the card. The thing you know is the pin or password. Either of these without the other is not good enough to authenticate a user. I might lose my card, and we wouldn't want someone else going around pretending to be me. So, I have a pin, which, for me, is easy to remember, but is not likely to be guessed. The problem with this is, that the laptop I use, while really nice, is like 22" by 17" by 2" and weights, 5 pounds. It's cool for taking on a plane when I have to go on a trip, or for working at home. But when I go to a meeting and want to be able to check my email between meetings, it's kind of a pain there. It doesn't easily fit into my pocket.
But, what I do have is my new Droid. I could check email and my calendar and do lots of stuff that I would normally do on my laptop on this smartphone, and, bonus, it does easily fit into my pocket. The issue that I have is in authentication. Thus, while I have a really hard password, that is like honestly 18 characters, upper, lower, alpha, numeric and special, it is a real pain to try to type that super hard password into my new phone.
As such, I propose a marriage. Build a smartphone that includes the capability for me to insert my HSPD-12 badge into it (Factor 1) and allow me to type in my PIN (Factor 2). This would allow me to access all of the same resources I use when I'm logged into my laptop without going through GOOD. No offense to GOOD, I just don't like your software. My opinion is that Good is unproductivity software because it makes things more difficult.
So let's try to create a hardware solution to authentication. Try to focus on 2-factor and make use of stuff that most of us have anyway. Put a card reader on a smartphone and I guarantee you will command this segment of users. If you want to take it to the next level you will create an ap-store by agency that will allow USDA to identify the applications that can be installed on USDA smartphones and HHS to identify the applications that can be installed on their phones. Then, as an authenticated employee, I can cruise through that store to install the applications that I want, and we get to avoid applications that hold risk.
No comments:
Post a Comment