It sounds like a bad idea. I'm reminded that for many, many years; the "locks" on the US's nuclear weapons had the combination set to all zeros, because the Pentagon was worried the complexity of using an actual combination would mean they'd be rendered useless in wartime . It seems like the height of foolishness to tie military effectiveness to a finicky and unreliable "AI/ML" solution. Soldiers will probably behave differently in wartime, and I can large numbers getting locked out of their devices as a result, at least initially.
 Since any war they'd be used in would probably last less than an hour.
All road mobile icbms are programmed at the factory. No mid-flight retargeting or anything fancy
Yeah...right. As if vanilla CAC authentication isn't already littered with UX warts.
Also, clickbait article title:
Well, from my [DoD CIO Dana Deasy] standpoint, the CAC will remain the department’s principle authenticator for the foreseeable future.
At least in principal.
But these pattern detection systems are fundamentally incapable of preventing targeted attacks. For a targeted attack any pattern recognizer (heuristic, bayesian, neural net, army of elite white hats, w'ever) simply provides a blueprint for reliably subverting the system. They could never replace a hard, cryptographically strong authentication factor providing distinct, provable security characteristics; certainly not in environments like DoD facilities which require such strong authentication.
Sorry DoD Acronyms never stopped getting on my nerves even 5 years later.
We had a game to find how many acronyms we could find with the same word multiple times.
But during the day's introductory remarks, it became clear that the DoD had invented a new acronym for the meeting. I don't remember exactly what it was, but it was something silly along the lines of S.P.E.A.R. - <Some Topic> Project Education And Review.
It was when I witnessed the US military invent a brand new acronym to represent one specific routine meeting I had with them that fully internalized just how out of control acronyms were in the US military.
1) "by the way they walk, interact with their phone, commute to work, and how and where they spend their time."
Ive known many many Marines during my service... We were always injured, sprained wrists and ankles, broken fingers, torn muscles. That's normal for a fighting force that does continuous training. Our weight was changing constantly, as well as our locations, sleep cycles, and habits. The listed biometrics would be curfuzzled by this lifestyle.
2) "therefore it can be used continuously without creating any extra work” said Dawud Gordon
Imagine the amount of work needed to debug a system like this when it doesn't believe the identity of an intelligence officer trying to get to his workstation in a top secret environment. Would he be detained at the guard post until they fix it (standard SOP if he tries to enter the building without a CAC card and TS ID).
While thing seems ludicrous to me.
> CAC card
> CAC cards
This is so annoying. It's like saying ATM machine, or PIN number.
(The unpredictable kind of off-topic subthread is fine, but there are many kinds of predictable ones and those should be resisted.)
But I wholeheartedly agree. This is a correction that is important in my job as a technical proposal writer.
It important to call “tools” etc. by their correct name. “CAC card” is technically incorrect and it’s always my job to fix mistakes like these at work.
Edited to add: in the case of this article, the author should have led with the spelled-out words then abbreviated afterwards.
Common Access Card (CAC) is a name for the card, but it's also the name of the system using the card. In a context where the abbreviation is otherwise consistently used as a name for the system and as an adjective to modify other nouns associated with the system, it appears both correct and more clear than the alternative to do the same thing with the card used in the system.
What’s the point in collapsing a descriptive name to an initialism then partially redundantly expanding it?
If someone needs l to be pedantic they can go to the/Pedantic or something. You can argue that PIN itself is wrong, as it doesn't identify a person at all, the account number in the identifier, what you enter is a secret.