In the wake of the OPM breach and subsequent security audits across government, Two Factor Authentication (2FA) is becoming the standard for accessing government systems and data. The GrantSolututions team wanted to implement 2FA as quickly as possible, as the GrantSolutions system touched many other systems in government including numerous financial systems so security has always been of paramount importance.
The team began work in July 1, 2015 and, in just two weeks, developed a low-cost, effective solution that added an additional level of security with minimal impact on users and the system. The solution developed by Dovel and the ACF team is an open source solution that uses the industry standard Time-based One-time Password Algorithm (TOTP). This algorithm computes a one-time password from a shared key and the current time.
The 2FA solution relies on the users’ registered User Name and Password as the first factor. The second factor is a specific one-time, unique code, generated by a trusted system, and delivered to the user in one of the following three options:
- A smart phone with an installed Authentication App (e.g. Google Authenticator) that generates specific code that is used as the second factor used to login to the application.
- A code delivered as a text message to users who prefer this.
- A code sent via a voice message to the user’s registered phone (landline or mobile phone).
The above three options provide users with the widest flexibility of receiving the second factor of their 2FA – covering the range of situations system users face, and meeting the user’s preference at any one time.
This quick – developed and deployed in just two weeks – and affordable alternative is now offered to agencies throughout the government needing to meet 2FA standards. Its simplicity and effectiveness earned it recognition as part of the Government Computer News Discovery and Innovation in Government IT awards (GCN DigIT) in the Cybersecurity category. This award serves to showcase what matters most in government IT: transformative tech that is truly reinventing government.