An official website of the United States government
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

Secure logon in effect at Shaw

  • Published
  • By Tech. Sgt. Kevin Williams
  • 20th Fighter Wing Public Affairs
SHAW AIR FORCE BASE, S.C. --  Friday is the last day computer users can manually log on to their workstations. Beginning Saturday, the primary method for logging on to a standard unclassified user account is the Smart Card Logon.

"A smart card is the standard DoD identification card, also known as Common Access Card," said Chief Master Sgt. David Gouin, 20th Communications Squadron chief enlisted manager. "To use the CAC for network logon, simply insert you CAC into the reader attached to your workstation and enter your (personal identification number) you created when the card was issued to you."

Because the networks are essential to the success of our warfighting missions, Chief Gouin said the smart logon will help protect the network and our basic privacy information.

"Unfortunately, the same networks are under attack every day by hackers, saboteurs and terrorists," he said. "They can compromise the integrity of our network and put critical information systems at risk though unauthorized access, fraud, e-mail tampering, eavesdropping and data theft."

If the network is compromised, it can make day-to-day tasks difficult to accomplish.

"Just imagine what could happen if you couldn't get access to critical information you need to perform your duties in support of warfighting operations," the chief said. "Besides the sensitive information, we increasingly conduct many personnel and financial transactions over the network. We cannot afford the operational or identity theft consequences if that data were compromised."

According to the 20th CS Network Control Center, one of the main weaknesses of the network is the use of passwords that users get accustomed to using because those passwords are vulnerable. They are stored on and transmitted over the network and are easily hacked. It's not hard for adversaries to capture passwords and access the network posing as legitimate users from the safety of their own base of operations.
Besides increased security, Chief Gouin explained why we are making the change to the more secure login procedure.

"The advantage of CAC plus PIN is known as ‘two factor authentication.' It requires something a user has -- their CAC -- and something they know -- their PIN. Both are required to gain access to the unclassified network."

Unlike passwords, PINs are not stored or transmitted over the network. And since PINs work differently than passwords, a user will not have to reset it unless it has been, or believed to be, compromised. A user's CAC will be locked after three unsuccessful attempts.

If a user's CAC is locked or they forgot their PIN, they can be back on the network in no time.

"Each squadron or unit has an appointed CAC-PIN-reset trusted agent whose primary role is to reset PINs that are locked or forgotten," Chief Gouin said. "Shaw has two workstations, one at the network control center and one at the Military Personnel Flight customer service area, to be used only for resetting PINs. If a user needs their PIN reset, their trusted agent will accompany them to one of the workstations to perform this task. The process should only take about 2-3 minutes. A trusted agent should be a user's first point of contact for resolving CAC issues."

As with any new process, there can be bumps in the road. That is why the Air Force is pursuing a phased approach.

"Many of the challenges have been identified and solutions are being developed," Chief Gouin said. "Our first phase is instituting secure logon from traditional work places. Subsequent phases will include fielding secure alternatives where the use of CAC is not practical like group or role based accounts and personnel not eligible for an ID card. Other challenges include enabling applications for secure or remote wireless access and implementing secure logon in deployed environments."

Network managers are preparing the Air Force infrastructure for secure logon. This includes installing card readers and associated software on every work station.

"Secure logon represents a change in our business process that affects every member of the Air Force community and everyone needs to be prepared," the Chief said. "Users need to make sure they have a properly functioning CAC and know their PIN. Their unit client support administrator and the MPF will help them get ready."