After OPM Debacle, Three-Step Biometric ID Checks Are Coming

Expect computers to require that federal personnel use a smartcard, a password and their fingerprints before logging on, as a way to shore up defenses in the wake of a massive government cyber assault, a top official from the Department of Homeland Security said. So-called three-factor authentication goes one step further than today's governmentwide sign-on routine, which involves only a badge and PIN, if that.

Most agencies, including the recently hacked Office of Personnel Management, only require a PIN. Foreign spies, who allegedly extracted details on millions of current and former federal employees from OPM’s network, might change that. "Several organizations are looking at three-factor authentication," said Shonnie Lyon, acting director of the DHS Office of Biometric Identity Management. Lyon, who did not name the agencies. "I think that's the way things are going to have to go."