Return to Article: New cards may make user IDs, passwords obsolete

By Daniel Pulliam dpulliam@govexec.com June 21, 2007
  • 26775

    Mr. Martin,

    Yes CVS is the DOD system for providing CAC cards to contratcors. However, I believe this article refers to non-DOD entities.

    You may have hit on something, though. Why not migrate the DOD system to the rest of Government? DOD has already cracked the nut.

    US Posted June 26, 2007 11:00 AM
  • 26536

    The real question is why all the hype about computer security. Every day I read another article about some Federal dope losing his laptop with all kinds of secure data.

    dan ketter Posted June 22, 2007 5:01 PM
  • 26531

    Why doesn't the author of this article just straight-out acknowledge that the 'new' process is actually the established Contractor Verification System (CVS) Common Access Cards (CAC)?

    John W. Martin Posted June 22, 2007 3:38 PM
  • 26512

    It's never so simple. Every network, every application, every web site has to be modified to accept this and to map it to the current user accounts. What's a great convenience to the user is seen as an unnecessary drain on resources by the system manager, and it doesn't get done. Those AF examples just go to prove it. When will managers come around and users get some benefit from this?

    Name Withheld Posted June 22, 2007 11:27 AM
  • 26506

    As other readers have said (we here have the CAC system), the claims in this article are just the usual hype. You still need to use multiple passwords too complex to remember and they still need to be written down for a variety of applications. You still need to change the passwords regularly. Card malfunctions or losses bring about work stoppages, and getting permission to read email from home is problematic. It's another case of futuristic ideas deployed without thought to the consequences and loss of production.

    Edward Mitchell Posted June 22, 2007 10:41 AM
  • 26500

    Which Air Force are you working for? I still have the same number of IDs and passwords as before, if not more now that TSP has also gone to 8 figures in theirs. Anything that's too easy will never be implemented because each little fiefdom needs control over their own area. But it's not only the passwords that are a problem. Navigation of sites is even worse; it seems that they try to make it as difficult as possible to complete a task. Why not just get rid of the annual training altogether? Most of it doesn't apply to anyone, and those that do are not that difficult to remember--oh, I forgot, that would mean somebody losing his/her job trying to make the "training" as hard as possible to complete.

    nathan wolfson Posted June 22, 2007 9:32 AM
  • 26495

    Yeah, right. We've had the new cards for over a year, and not a single user ID or password has been eliminated. You now must have the card so you can unlock the computer so you can even GET to the programs that need user ID's and passwords. And you must use another PIN with the card. In other words, it's just another layer.

    Susan Sprague Posted June 22, 2007 9:21 AM
  • 26493

    I know the Air Force has been successfully using this type of system for years. It's about time the other Federal Agencies get on board with this type of system.

    Randal Totten Posted June 22, 2007 9:16 AM
  • 26481

    Isnt this expensive? This is great for building security but not at a work station. Card readers will have to be installed everywhere. And what if someone steals the card?

    A more logical move would be to use an encrypted USB key. If it had a biometric reader on it then only the authorised personnel would be accessing what they are permitted too. These devices can be centrally managed too.

    Alister Posted June 22, 2007 8:18 AM
  • 26477

    Hopefully this will include the login/password requirements for AKO, TSP and every other password protected site necessary to conduct daily business. I don't understand why the current CAC card doesn't already provide the security level required to access any web-based government site. Now we're making another card to fix all this. Seems we can't get something right before we implement. We need to be smarter than this!

    Michael T Phillips Posted June 22, 2007 8:02 AM
  • 26471

    we have not used UserID and passwords to access our computer/network for a couple of years at my agency; however, dozens of systems we use still require UserID/Passwords for access. Many of them have moved to 15 or more characters for the password making the task of remembering them more and more difficult - actually, this encourages more and more people to WRITE them down. How secure it that?

    None Ya Posted June 22, 2007 7:19 AM

Post a Comment

To post a comment, you must provide a name and a valid e-mail address. Messages must be limited to 400 words. By using this Service you agree not to post material that is obscene, harassing, defamatory, or otherwise objectionable. Although Government Executive does not monitor comments posted to this site (and has no obligation to), it reserves the right to delete, edit, or move any material that it deems to be in violation of this rule.

New cards may make user IDs, passwords obsolete
*
*
*
Vendors Solutions Center