MFA Access Control Solutions & Protection | Enterprise Password Management | Access Smart

Cybersecurity Executive Order – Letter to President Trump

Cybersecurity Executive Order – Open Letter to President Trump

February 8, 2017Cybersecurity Executive Order


President Donald Trump
The White House
1600 Pennsylvania Avenue NW
Washington DC 20500

Re: Small Business Response to President’s Cybersecurity Executive Order


Dear Mr. President,

Thank you so much for your initiative with our nation’s Cybersecurity.

As a California Certified Small Business owner who offers a multi-factor authentication (MFA) product on the GSA Schedule, I have an important concern: Currently, there are no NAICS, SIC or SIN procurement codes for cybersecurity products on the GSA Schedule. This makes it difficult for government agencies and departments to find, let alone implement, the products you are mandating.

A year ago, I sent a similar letter to President Obama. NOTHING has changed. I trust that you are the man to fix this ridiculous problem. By simply adding cybersecurity procurement codes on the GSA Schedule as part of your Executive Order implementation, cybersecurity solutions will be implemented much faster.

Without cybersecurity procurement codes, government agencies and departments are unable to find, let alone implement, targeted products and services to help keep our Nation’s electronic data secure. Their current procedure is to do keyword searches on the GSA Schedule and hope they find something. If they don’t put in the appropriate keywords or vendors have not listed those keywords, the agency finds no match. Their only recourse is to generate expensive and time consuming RFIs, RFP’s and RFQ’s. Cybersecurity NAICS, SIN and SIC codes would streamline the entire process, save money, and ensure fast implementations.

Without updated procurement codes, small businesses like mine (and many others) are at a great disadvantage. We don’t have the ability to lobby all the agencies about our state-of-the-art solutions, so contracts are always awarded to the major primes. Sadly, they often are not up to speed fighting the latest hacking technology or methodology. When we contact the primes to tell them what we offer with hopes to be a supplier, they too don’t know how to classify our products to easily drop into their government bids (no codes to match against). Cybersecurity procurement codes will help to even the playing field for small businesses.

One federal agency’s Cyber Labs, has evaluated, purchased and successfully implemented our multi-factor authentication password manager to protect hundreds of their many high value servers. Our product, Power LogOn, saved this agency both money and implementation time because it works with their existing PIV ID badge, creating both high level MFA cybersecurity and convenience. They put Power LogOn through a rigorous evaluation process during which it acquired a FIPS 140-2 verification from an independent NIST laboratory (InfoGard) and a NIST FIPS 201 waiver.

My problem is that this agency cannot tell any other agency about our product because they will be seen as promoting a vendor. It’s a daunting task for an SMB to have to start from scratch with every agency and department when the proper placement of our services on a dedicated NAICS code for Multi-Factor Authentication Cybersecurity would allow agencies and departments to easily find and implement the products and services they need. This would help all companies to be easily identified for cybersecurity products and services on the GSA Schedule, not just mine.

Cybersecurity is one of this nation’s biggest security concerns. With the recent data breaches at the IRS, OPM, DoD, DNC, and even Congress, government agencies should be keen on finding solutions today that can help safeguard their networks.

The reason the GSA Schedule is so important to your Cybersecurity Executive Order is that agencies will be able to find and simply purchase what they need. They will not be burdened by the time and cost of a large and cumbersome procurement bidding process. Because Power LogOn is already on the GSA Schedule, agencies can implement multi-factor authentication quickly and easily, immediately plugging any holes in their current infrastructure.

Our product takes only hours to implement because it leverages existing technologies. It works with the existing PIV, PIV-I, CIV and CAC cards so re-badging. The FIPS 140-2 verification means government approved security. The FIPS 201 waiver means no expensive re-certification of government issued cards. Now agencies can add secure computer, network and application logon immediately, while saving taxpayer’s a significant amount of money.

I have been in this industry for over 25 years. I am the author of Making Passwords Secure, Fixing the Weakest Link in Cybersecurity which outlines how to implement cybersecurity authentication solutions.

My only other question is:
How can I and my business contribute to your vision for our nation’s cybersecurity?

Thank you for your time and consideration.


With warmest regards,

Dovell Bonnett
Founder & CEO
Access Smart, LLC
(949) 218-8754

Biometric Fanatics Missing the MFA Point When They Kill Passwords

Why do biometric fanatics want to “Kill Passwords?”

Kill passwords want solve cyber crime. It will make it worse.

When biometric fanatics evangelize “Kill Passwords!” in favor of biometrics they create a false security narrative. Replacing one form of Single Factor Authentication (SFA) with an alternate form of Single Factor Authentication adds nothing. It simply trades one factor for another. The whole security argument against any Single Factor Authentication is that the hacker only needs one piece of information to break in.

While biometric fanatics like to tout the weaknesses found in knowledge based authentication, (and I readily admit there are some), there are also a number of inherent weaknesses in biometrics. In this series of short blog posts, I will outline those weaknesses. My ultimate goal is for the reader to understand that if we go down the “either/or” cybersecurity path in choosing biometrics over passwords, everyone loses. The smart and secure cybersecurity solution is the “and” path, also known as Multi-Factor Authentication (MFA). Read More→

Don’t Kill Passwords: Build the Infrastructure to Make Them Secure!

Understand the difference between Password Authentication and Password Management

Don't kill passwordsDon’t kill passwords because the industry is confused between password authentication and password management. In their latest “2016 Data Breach Investigation Report,” Verizon spells out the most common ways credentials get stolen: key loggers, malware, social engineering and phishing. Nothing new there. Verizon also concludes that 63% of confirmed data breaches involved a hacker leveraging weak, default, or stolen passwords. Again, not a huge surprise. The report’s Earth shattering recommendation was… “user names and passwords are great for fantasy football leagues, but there needs to be stronger authentication.” The truth is, the problem is way more complex than simply killing passwords.

The report failed to clarify why attacks on passwords are so successful. Hackers simply go after the weakest link in the cybersecurity chain: humans. The problem is not the viability of password authentication; it’s how passwords are managed. Specifically, who manages them and what technologies (if any) are used for the job. You don’t kill passwords just because they are poorly managed. Instead, you fix the management. Read More→

Passwords are Protected by the U.S. Constitution!

Did you know: The U.S. Courts have deemed that passwords are protected under the U.S. Constitution?

united-states-constitutionU.S. Courts have ruled that passwords are considered free speech since they are considered “knowledge”. Therefore, under the Bill of Rights, 5th amendment , no person is required to disclose information that could incriminate themselves. DNA and biometrics, on the other hand, are not protected by these same rights. What’s more, Private Keys are not protected by the Constitution since they are computer generated and not considered  an individual’s “knowledge”. Read More→

Have you ever been a podcast guest?


Recently, I was a podcast guest on Practice Management Nuggets hosted by Jean L. Eaton. I was able to discuss my new book Making Passwords Secure: Mixing the Weakest Link in Cybersecurity, and it was a lot of fun. As business owners we don’t always have new opportunities to share our message with a broader audience, and participating in this podcast gave me that gift.

I highlighted many of the important topics in my Making Passwords Secure book. I discussed the importance of cybersecurity, the devastating costs of a cyber breach, and what are some things you can do today to safeguard your company or practice. According to a recent National Labor Board statistics, 70% of small business go bankrupt within 6-12 months after a breach. The average cost in 2015 from a breach was over $6M per incident. If you want to understand why these figures are so high, you need to listen to the podcast.

This topic is important to me because many companies and practices fail to understand that they now have two front doors to protect: The physical and the virtual. The virtual door is typically secured with a password. Passwords are secure, but how they are managed is the nightmare because the weakest security element manages them: the human element. Making Passwords Secure debunks many of the errors, myths and lies about passwords, and gives strategies on how you can improve security, reduce risks, and comply to the data privacy laws.

Would you like to learn about my tips and how to get a discount off the book?

Click here to listen now on Stitcher! or YouTube ]


Thanks for the invitation to participate Jean L. Eaton.

Dovell Bonnett – The Password Guy



[keywords: podcast, Practice Management Nuggets,