Identity Management offers new login security for users

USB stick and laptop (

Veterans looking to access online services via the portal can now identify themselves to the system using a USB-based physical security key, rather than having to remember password information.

"Your 90-year-old grandma applying to get her husband's benefits no longer has to have seven different passwords," Julie Meloni, director of product management at the U.S. Digital Service, said at Sept. 14 AFCEA ID Forum in Washington, D.C.

The "unphishable" security key comes from vendor It's an identify service that grew out of an e-commerce business that Army veteran Blake Hall launched while he was attending Harvard Business School. His company's deal service called TroopSwap foundered as that e-commerce trend lagged, but it turned out the tool they'd built to verify and manage military identity had broader applciations.

Hall explains his tool as "Paypal for identity." Just as Paypal matches up credit card and bank account information to an online payment serivce, attaches a verified aspect of your identity, such as a drivers license, passport, student or military ID or  professional license, and makes it storable and portable for use across secure online services.

"You should never have to do the same thing twice as part of an identity transaction," Hall explained in an interview with FCW.

The digital wallet is one piece of the FIDO (Fast Identity Online) Alliance, a growing ecosystem of interoperable products and services designed to decrease reliance on passwords and support device-based authentication.

The service brings the FIDO U2F (Universal Second Factor) standard to goverment website login for the first time. Users of can now opt for the solution instead of other two-factor authentication protocols like a text message or a voice call to verify user identity. The service went live on Sept. 11.

The other advantage to a physical security key is that a scammer has to obtain physical access to the device to perpetrate fraud, taking away the ease and scalability of phishing and other email based attacks. It also eliminates the attack vectors of using email and account information to change a password remotely.

"We do not believe that knowledge should be used to verify identity, espeically in the wake of the Equifax breach," Hall said. "Name, date of birth, Social Security number is still useful to know if an identity is real and unique. What it is no longer useful for is to verify if the user claiming that identity is that person and not a malicious actor."

Many of the solutions approved by the FIDO Alliance can be embedded or attached to a mobile phone or device with a SIM card. What makes the service useful to the Department of Veterans Affairs is that it solves the authenication problem for older users who might not have mobile devices or who aren't comfortable using a security application. The physical keys themselves are available from multiple vendors, Yubico being the most prominent.

"Seniors, less affluent and less educated Americans don't have the hardware," Hall said. "But with, they can buy a $15 security key that is a one time-cost and is very easy to use." 

The demographic that uses VA services is "a microcosm of American society," Meloni said at the ID forum. "That causes problems in trying to figure out the best way to enable access to services."

About the Author

Ben Berliner is an editorial fellow at FCW. He is a 2017 graduate of Kenyon College, and has interned at the Center for Responsive Politics and at Sunlight Foundation.

He can be contacted at

Click here for previous articles by Berliner.


  • 2018 Fed 100

    The 2018 Federal 100

    This year's Fed 100 winners show just how much committed and talented individuals can accomplish in federal IT. Read their profiles to learn more!

  • Census
    How tech can save money for 2020 census

    Trump campaign taps census question as a fund-raising tool

    A fundraising email for the Trump-Pence reelection campaign is trying to get supporters behind a controversial change to the census -- asking respondents whether or not they are U.S. citizens.

  • Cloud
    DOD cloud

    DOD's latest cloud moves leave plenty of questions

    Speculation is still swirling about the implications of the draft solicitation for JEDI -- and about why a separate agreement for cloud-migration services was scaled back so dramatically.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.