The program is supposed to eventually create a standardized ID badge for all government employees, but is currently...
only in a pilot stage for selected facilities around the country. The badge is supposed to be tamperproof and not susceptible to counterfeiting.
The badge is essentially a smart card that contains a photo and biometric information, or in this case, a fingerprint, from the user. In addition, users will need to enter a PIN number into the device where they insert the card. The system is a textbook three-factor authentication system. It consists of something you know (the PIN), something you have (the card) and something you are (the fingerprint).
Although the HSPD-12 directive states it also covers logical access to IT systems -- since technologically speaking, physical and logical access is slowly converging -- the current rollout is only for physical access to federal sites.
With that in mind, there might not be an immediate impact on authentication. However, you can expect that the same three-factor authentication system and smart card will be needed to access government IT systems down the road; probably within the next five years.
For specific information, consult the Federal Information Processing Standard Publication 201 (FIPS 201) on the National Institute of Technology Web site, which details implementing the HSPD-required Personal Identity Verification (PIV) cards.
Dig Deeper on Two-factor and multifactor authentication strategies
Related Q&A from Joel Dubin
After a server room door has been compromised, finding a more secure solution is of utmost importance. Learn how to choose a server room door that ...continue reading
In the IAM world, what's the difference between access control and identity management. This IAM expert response explains how the two relate as well ...continue reading
When working with PeopleSoft and Unix, which single sign-on (SSO) vendors offer the most effective products? Learn how to choose an SSO product in ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.