AKO, DKO increase security measures

By AKO Public AffairsAugust 19, 2009

WASHINGTON (Army News Service, Aug. 19, 2009) -- Army Knowledge Online and Defense Knowledge Online are changing procedures for users who log on without a common access card.

Users accessing the AKO or DKO Web Portals without a CAC will soon need to take additional steps to verify their identity when logging on.

"Last year, more than 9 million people became prey to identity thieves who obtained significant portions of the information about their victims from the Internet," said Maj. Alprentice Smith, AKO/DKO director of security. "We want to make sure our users and their information are protected to the maximum level possible, while still providing an environment for warfighters, and those that support them, to communicate and access information."

Because mission-critical and personal data are essential to the Army and DoD, AKO will use knowledge-based authentication, or KBA security questions, to provide proof of authentication for users entering the system via username and password. The AKO and DKO Web portals now serve more than 2.2 million users, according to Smith.

"One of the most common ways hackers gain access to information is through keystroke monitoring," said Smith. "KBA helps eliminate that threat by allowing users to click on the correct answers to personal security questions with a mouse."

The enrollment process, which began this month, will include providing answers to a series of personal security questions. Shortly after enrollment, the new authentication process will begin for users entering the system via username and password. A user will then be required to select correct multiple choice answers to three of these security questions each time he logs in before access is granted to the AKO portal.

"This adds another layer of security without increasing the time it takes to log on," said Smith. "If a question is answered incorrectly, the user will have three attempts to get it right. If he fails at that, the user is locked out via username and password. At that point the user must logon with a CAC or reset his password using the current methods." Resetting security questions will require a call to the help desk.

KBA implementation will not disrupt the services provided by the AKO and DKO portas, Smith said. He added that KBA simply will ensure the security of user information and critical data, making it more difficult for information -- whether personal or mission-essential, to fall into the wrong hands.