Two-Factor Authentication Adds Security and Efficiency

The Fort Worth Police Department had two reasons to deploy two-factor authentication: to comply with the FBI’s security mandate and to make the Texas city’s police officers more efficient.

David Tiwater, assistant public safety support manager for the agency, says the Fort Worth PD went live with two-factor authentication last August, about a month before the mandate went into effect requiring secure access to the Criminal Justice Information Services database. “The FBI relaxed the date a bit, but we made sure we came in ahead of the deadline because it was the right thing to do,” Tiwater says.

The city of Fort Worth opted for authentication software from 2FA because it could integrate the platform with the HID Global smart cards the officers already carried. “There’s no question that the ability to use the HID badges was huge for us,” says Nanette Monte, the IT solutions project manager who led the citywide rollout and worked closely with the police department.

Security Doesn't Have to Affect Productivity

Before the department learned that 2FA could support the smart cards, officials considered tokens, but were concerned that they could be left in the police cars. “There can often be more than one person assigned to a car on any one day, so we didn’t want the tokens to get lost,” Tiwater says. “The HID card is something with the officer’s photo that he carries with him at all times.”

The city runs 2FA One Client software on computers and 2FA One Server on the back end. Officers swipe their HID Global smart cards on a USB-connected HID Omnikey contactless card reader. The officers then authenticate by entering a 2FA PIN associated with their domain credentials. On the road, officers use Getac B300 computers mounted in police cars, connecting to the AT&T network using cellular modems.

“All of the IT divisions worked closely with the officers in the field to test the two-factor authentication and to make sure all the notebooks were configured properly,” says Monte.

Fort Worth law enforcement relies on a large array of web applications. “The two-factor authentication is a terrific timesaver,” says Tiwater. Officers previously had to sign on every time they wanted to access an application, whereas now they can sign on once at the beginning of their shift and access any city database.

Jon Oltsik, a senior principal analyst for the Enterprise Strategy Group, says the drivers for two-factor authentication are well understood: strong authentication, digital signatures and nonrepudiation. “I believe that biometrics is the future, driven by various technologies such as fingerprint readers, facial recognition using cameras and voice recognition using microphones,” he says.

Nanette Monte of the city of Fort Worth and David Tiwater of the Fort Worth Police Department say two-factor authentication enables officers to get to the data they need more quickly.

Dan Bryant

A Healthy Dose of Security

For Nabil Fares, deputy director and CIO for the California Department of Public Health, two-factor authentication satisfies state requirements for remote access and contributes to the agency’s defense-in-depth security approach, especially for more sensitive health information.

“For remote access over Citrix, two-factor authentication adds more security because the employee must provide more than one password or pass-phrase to authenticate,” Fares says.

Agency employees first use their personal password, which may rarely change and must be memorized, and a one-time temporary password displayed on a physical token that expires almost immediately. The department uses SafeNet physical tokens, but Fares says the agency plans to migrate to software-based tokens in the months ahead.

While some agencies may struggle to afford two-factor authentication, expect public health and tax departments to follow suit beyond law enforcement.