The Army is optimistic about expanding a pilot program that would give soldiers a new way to log in without using a Common Access Card (CAC).
The pilot, involving about 1,000 people for now, is scheduled to be completed this month, and Army CIO Lt. Gen. Bruce Crawford and others in his office are eager to expand it, according to Michael Payne, deputy project director of Enterprise Services. Most of the participants are soldiers who access training material remotely by logging in with authentication from a physical token or an app.
If the pilot is deemed successful, the Army will purchase more of the USB tokens, called YubiKeys, and expand access to the authenticator app. The program is not designed to replace the CAC, but instead expand access to those who might not have the card or card reader that are needed to authenticate a login credential. Using off-the-shelf YubiKeys could be especially beneficial to members of the National Guard or first responders working with the military during national emergencies. “It is easing the accessibility to those soldiers,” Payne told FedScoop.
The token has been tested longer than the app, but so far each are showing promising results, Payne said.
“They are very interested, we are working very closely with [the Army CIO],” he said.
Users with the YubiKey tokens put them into a USB port, and the token’s unique signal authenticates their other login credentials. For users with the phone app, a unique secure code is generated for them, and they type it in while logging in — much like a text message code that a bank might send to a consumer.
Soldiers — and one day first responders — will be able to use their own phones with the app.
“Multifactor authentication for the Army is a game changer for our Soldiers,” Lee James, project director for Enterprise Services, in a news release. “It allows Soldiers the convenience and capability of conducting business in a secure way from their own devices and on their own time.”