The Office of Personnel Management (OPM) is taking steps to make sure nothing like its recent cyberattacks happens again. Within the next two years, OPM will phase out password logins in favor of a two-step process for gaining access to agency networks.
The White House revealed that as of September 2014, just 1 percent of OPM employees with computer access were using it with something besides a password, Nextgov reports. Digital smart cards used to be required for network access. Within the next year, OPM will switch to a new authentication process:
By a year from now, about 50 percent of federal personnel will be using "personal identity verification," or PIV, smart cards to sign onto OPM systems.
Today, all OPM employees need a smart card for network access, but not all users outside of the agency do, OPM Chief Information Officer Donna Seymour said in an update on security goals.
Seymour says that by the end of 2017, the number of federal users will rise again. “'OPM will enforce multifactor authentication for 100 percent of all PIV-enabled users,' along with some sort of two-step verification for 80 percent of users who do not have PIV cards,” she explained.
According to Nextgov, OPM will implement four more controls to secure configurations and regulate vulnerabilities by mid-2016. In addition, the agency is just a year away from being able to monitor 95 percent of its assets using a dashboard.
OPM appears to have heard the criticism about the mess left by its hack loud and clear, and the agency is taking the necessary precautions to protect sensitive data. Better yet, federal CIO Tony Scott is on the agency’s side.
“I am fully supportive of the work that Donna and her team are doing,” he said in August, according to Federal Times.