“The first layer of network security is to know ‘who is knocking on the door’.” – Dovell Bonnett
All the recent cyber-attacks confirm the importance of strong identity verification. To satisfy Homeland Security Presidential Directive (HSPD-12), the National Institute of Standards and Technology (NIST) developed their Federal Information Processing Standard (“FIPS”) 201 to ensure government wide interoperability for information technology and security. The Personal Identity Verification (PIV) credential that resulted from FIPS 201 utilizes certificate-based encryption for both physical access control (PAC) and logical access control. However, many government departments and agencies still have computers, applications, systems and networks that utilize user name/password authentication were digital certificates won’t work.
Security technologies and policies are the best they have ever been, but all too often security breaks down because of the human element. Reading reports about recent government and corporate computer breaches, a common element keeps coming up: “employees used very weak passwords that the attackers were able to exploit.” Access Smart has seen numerous incidences where employees find security technologies too cumbersome to use and they will circumvent it for their personal convenience. We’ve all seen it; passwords written on sticky notes or bits of paper hidden under the keyboard or even worse stuck to the side of their monitor. Once, I walked into the office of a busy middle manager in a Fortune 500 company who had her passwords written on her white board! It had the right number of characters and complexity per company policy, but it was right out there for everyone to see!
That’s why Access Smart® developed a Windows-based password manager that’s an easy, affordable extension to the PIV credential, delivering a low cost of ownership and convenience. Power LogOn extends the PIV credential without modifying or adding data to the card. So, even an issued PIV card can now utilize both certificate and password authentication.
While certificate authentication is the security of the future, it will be years before all agencies and departments can update all computers and networks to accept it. The rash of cyber attacks shows that the government needs to secure all their networks now. Adding Power LogOn to the currently existing infrastructure can improve security within days.
How does Power LogOn work?
Power LogOn is not a PKI replacement but rather an expansion of the credential. Power LogOn is a Windows®-based password manager that integrates with Windows O/S, Server 2008/10, Forefront®, Active Directory, LDAP, Citrix and many other directory services. Because these software programs need strong password authentication, Power LogOn makes the process easy, affordable and convenient.
Power LogOn’s open design works with different ID badge technologies (magnetic stripe, RFID, PIV and non-PIV smartcards) as the “something they have” authentication. With the PIV credential, a single PIN and/or biometric user authentication and a double mouse click, the user has access to only those services determined by IT centralized identity management. When the credential is removed, Power LogOn can automatically either log the user off the network, lock the computer down or actually turn off the computer. When a new card is presented, Power LogOn automatically requires user re-authentication to safeguard access into anyone else’s account. Finally, Power LogOn requires no backend server hardware modifications, so full implementation and deployment is typically completed within a few days.
Power LogOn is well suited for contractors, visitors and temporary employees too. If a PIV card is not appropriate, a lower cost card can be issued while still implementing strong passwords. Power LogOn licenses are transferable and re-usable, so as employees leave and new ones come in, licenses are placed back into the database for re-issuance. For even more savings, there are no annual subscription fees or renewal fees for the Power LogOn licenses; and, employees can self-enroll during issuance.
Certificate based credentials like the PIV card offer strong user authentication but it may not be appropriate for every computer system or every user. Power LogOn doesn’t replace PKI but rather extends the credential’s functionality. To evaluate Power LogOn, purchase our Power LogOn Administrator Starter Kit that has everything to fully integrate, test and run a small pilot program. Since the Starter Kit comes with all the software for full integration, deployment only requires the purchase of cards, readers and licenses as required.
Founder & CEO
27762 Antonio Pkwy, L1-461
Ladera Ranch, CA 92694