By C. Todd Lopez
WASHINGTON (Nov. 19, 2008) -- Operators of the Army's Web-based information portal "Army Knowledge Online" plan to implement new security procedures on the system as early as January.
When logging in to the upgraded AKO, users will be presented with three questions they must answer correctly before being allowed to continue. The questions are designed to be difficult for anyone but the users themselves to answer, said Lt. Col. Ken Fritzsche, chief of operations for AKO.
"What AKO tries to do is provide a layer of protection, so in addition to just using a password, you can supply answers to questions about yourself," he said. "Who was your first teacher, the first person you kissed? It'll be answers known only by you. So when you log in and provide those answers, we have at AKO a very high sense of security that you are who you claim to be."
To prepare each user for the new security protocol, the AKO system will present each user with a list of 20 questions. The user then chooses to provide answers to 15 of those questions. In subsequent logins, AKO will present three of those questions to the user, with multiple-choice answers. Users will need to choose the correct answer in order to log in, said Fritzsche.
"Why do we offer the questions? Because the questions are one more layer of security that defeat keystroke loggers," Fritzsche said. "Keystroke loggers are probably one of the most popular methods used by known bad guys to capture credentials. So the new security credentials are used to help defeat keystroke logging."
"Keystroke loggers" are pieces of software installed on computers -- possibly by those wishing to gain illegal access to DOD networks -- that record the keys pressed on a computer's keyboard.
It is easy for someone who has installed a keystroke logger to use captured information to access a person's account. The addition of random information -- such as the keystrokes needed to answer randomly chosen multiple-choice questions -- makes it more difficult to record and reproduce a valid login sequence, Fritzsche said.
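The enrollment and login flow described above (pick 15 of 20 questions, answer 3 at login from shuffled multiple-choice options), as an added illustrative model written for this article, not AKO's own code. The question text, decoy answers, four options per question and a three-failure lockout are all assumptions the article does not state; the point it makes explicit is why a replayed keystroke sequence is no better than a random guess, which is why attempt limiting matters.

```python
import random
from fractions import Fraction

BANK_SIZE, ENROLL_COUNT, CHALLENGE_SIZE = 20, 15, 3
OPTIONS = 4        # assumed number of multiple-choice options per question
MAX_ATTEMPTS = 3   # assumed lockout threshold; the article does not give one

# Constructed placeholders, not AKO's real questions or answer pools.
QUESTION_BANK = [f"Enrollment question #{i}" for i in range(1, BANK_SIZE + 1)]
DECOY_POOL = [f"decoy-{i}" for i in range(40)]


class KnowledgeChallenge:
    def __init__(self, rng=None):
        self.rng = rng or random.SystemRandom()  # CSPRNG for question/option choice
        self.answers = {}   # question index -> enrolled answer
        self.pending = {}   # challenge id -> expected option positions
        self.failures = 0

    def enroll(self, answers):
        """User picks exactly 15 of the 20 bank questions and supplies answers."""
        if len(answers) != ENROLL_COUNT or not set(answers) <= set(range(BANK_SIZE)):
            raise ValueError(f"must answer exactly {ENROLL_COUNT} bank questions")
        self.answers = dict(answers)

    def make_challenge(self):
        """Draw 3 enrolled questions; present each with shuffled multiple-choice options."""
        qids = self.rng.sample(sorted(self.answers), CHALLENGE_SIZE)
        prompt, expected = [], []
        for q in qids:
            opts = [self.answers[q]] + self.rng.sample(DECOY_POOL, OPTIONS - 1)
            self.rng.shuffle(opts)                     # correct answer lands anywhere
            prompt.append((QUESTION_BANK[q], opts))
            expected.append(opts.index(self.answers[q]))
        cid = self.rng.randrange(1 << 62)
        self.pending[cid] = expected
        return cid, prompt

    def verify(self, cid, chosen):
        """chosen = option positions the user selected; each challenge is one-shot."""
        expected = self.pending.pop(cid, None)
        if expected is None or self.failures >= MAX_ATTEMPTS:
            return False                               # unknown/used challenge or locked
        if list(chosen) == expected:
            self.failures = 0
            return True
        self.failures += 1
        return False


def guess_probability():
    """Chance that one random guess, or one replayed set of captured positions, passes.
    Because options are shuffled uniformly, the expected positions are uniform over
    OPTIONS**CHALLENGE_SIZE sequences, so a logged session replays no better than a guess."""
    return Fraction(1, OPTIONS ** CHALLENGE_SIZE)
```

With four options and three questions that is 1 in 64 per attempt, which is why the one-shot challenge and the lockout counter, not the questions alone, carry the defence against an attacker who replays or guesses.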
In addition to providing e-mail, chat and directory services to more than 2 million users, AKO also provides pass-through user authentication to hundreds of other Army computer systems. While directly logging into AKO will require users to answer three questions, Fritzsche said it will be at the discretion of other system owners to take advantage of the new security measure that AKO offers.