IC users on JWICS use IC ITE PKI. You get issued a client cert and key when you get an account, and that is used to authenticate you to all web-based services. Additionally, it links directly to your clearance, so it automatically redacts content based on the portion label, meaning you can do something like load Intellipedia and it will not show you parts of pages containing information you have inadequate clearance to see, but still show you everything else. 2FA is implemented by requiring you to unlock your private key with a 8-digit pin.
It is light years ahead of the public world wide web. But, of course, the problem is a lot easier to solve when you have a single source of identity for every user and every user only has a single identity. Something like this is impossible if you want any level of anonymity, but users of government systems have no expectation of anonymity.
It is light years ahead of the public world wide web. But, of course, the problem is a lot easier to solve when you have a single source of identity for every user and every user only has a single identity. Something like this is impossible if you want any level of anonymity, but users of government systems have no expectation of anonymity.