OPM to Fully Do Away with Passwords for Network Access

[InfoSec News <alerts () infosecnews org>]

http://www.nextgov.com/cybersecurity/2015/10/opm-fully-do-away-passwords-network-access-2-years/122768/

By Aliya Sternstein
Nextgov.com
October 13, 2015

Following one of the most devastating government data breaches ever 
revealed, the Office of Personnel Management is on track to replace 
password logins with two-step identification for accessing agency networks 
in two years, according to new goals set by the Obama administration.

Suspected Chinese espionage artists allegedly used a contractor's passcode 
to break into records on 21.5 million current and prospective national 
security employees, along with their relatives.

While mandated to control network access with digital smart cards since 
2004, only 1 percent of OPM computer users needed something more than a 
password to sign on as of September 2014, according to the White House.

Meanwhile, hackers gnawed at OPM's networks from 2013 until the agency 
discovered the breach in April.

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/