Senate employees just use passwords, and their badges sport a picture of an alternative.
When Congress held hearings following the breach of the systems of the Office of Personnel Management (OPM) in 2015, one of the issues that caused great consternation among lawmakers was that the OPM had failed to implement two-factor authentication for employees, particularly when using virtual private networks. Federal information security standards in place at the time called for strong user authentication for any federal information system, but the OPM hadn’t figured out how to implement two-factor authentication principles—something users know (a password), plus something they have (which, in government, is typically a “smartcard” ID with digital authentication keys programmed onto a chip).
