
Tag: passwords

We See the Future and it is … Single Sign On

By now you’ve likely heard of Single Sign On (SSO). It’s not exactly new, and it’s currently used by just a few agencies, but it is the wave of the future as agencies move to more cloud-based apps. In fact, 6 U.S. Code § 1523(b)(1)(D), a provision of law governing federal cybersecurity regulations, states that agency heads must “implement a single sign-on trusted identity platform for individuals accessing each public website of the agency that requires user authentication.” This provision was created by GSA working with the Department of Homeland Security. (FedTech, May 24, 2019)

What exactly is SSO? SSO allows a user to sign in one time with one high-strength password and access all that specific user’s authorized applications. With SSO, a user need not memorize a different password for each and every application they access. SSO uses the Security Assertion Markup Language protocol that gives the user the ability to log on once for affiliated but separate websites. According to Tracy David, a cloud client executive at CDW, SSO uses “highly complex encrypted keys, which the end user has no access to view or change.” Ultimately, this makes for a much higher level of security for each agency. (ibid)

At this time, you must log in to each app with a different password. More often than not, passwords across applications are similar (if not the same) and easily remembered. This weakens the security level of the agency as stolen credentials account for roughly 80 percent of breaches. With SSO, you have one complex, single-sign-on password protected with multi-factor authentication. (ibid)

Many agencies are still using on-premises SSO, which will be more difficult as apps move to the cloud. Insiders believe that the Defense Department’s forthcoming Joint Enterprise Defense Infrastructure cloud contract signals cloud adoption becoming the “norm” in government.

Questions about how this affects your current government contract, or how you might work with the government on SSO Technology? Give us a call at 301-913-5000.


After-the-Hack Survival Guide

Post Breach Rules Require Password Resets

Remember that huge GSA hack? Remember how they subsequently lost all your usernames and passwords? Now it’s time to deal with the fallout.

Since then, GSA assessed “the underlying vulnerability in all of its information systems and is immediately applying stricter security measures, including more stringent password management and Multi-Factor Authentication”. The measures apply to eBuy, Advantage Spend Analysis Program (ASAP), Schedule Input Program (SIP), Reverse Auctions and 72A Reporting System accounts.

What does this mean for contractors? For 72A reporting, you’ll have to visit https://72a.gsa.gov/ to reset your password. VSC users should have received an email with links and instructions to reset their VSC password. In case it got filtered to your spam, you can find reset instructions here. System features will be inaccessible until you reset your password. GSA advises users having trouble to contact the Vendor Support Center Monday through Friday, 8:00 a.m. to 5:30 p.m. EDT, at 877-495-4849 or vendor.support@gsa.gov. Through tomorrow (12 June), VSC offers extended hours of 8:30 a.m. to 9:30 p.m. If this is all way too confusing for you, we are here to help at 301-913-5000 or admin@ezgsa.com.