NIST intros new changes to federal system authentication guidelines


The National Institute of Standards and Technology posted four documents to GitHub detailing drastic changes it has made to its guidelines for federal agencies’ digital authentication practices, according to a report by FCW.

NIST is updating its identity proofing strategy to better support current Office of Management and Budget guidance in an effort to help agencies select the most effective digital authentication technologies for their needs.

The new strategy includes breaking up the individual components of identity assurance into distinct, individual elements.

NIST’s new approach would allow individuals to establish their identity through identity assurance and to authenticate their credentials to gain access to a system through authenticator assurance, such as an encrypted identity card with an embedded chip.

The documents also mention that passwords could be completely numeric as NIST’s experts concede that using a combination of character types in passwords “is not nearly as significant as initially thought, although the impact on usability and memorability is severe.”

Alternatively, the organization recommends that user-selected passwords be compared against a list of unacceptable passwords, which would include passwords from past breaches, dictionary words and obvious words that users are likely to select (such as the service’s name).
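The blocklist comparison described above, as an added Python example that is not from the article or from NIST. The lists are constructed samples, and the function names, the username check and the 8-character minimum are assumptions made here; no character-type rules are applied, so an all-numeric password passes if it is not on a list.

```python
import unicodedata

# Constructed sample lists. A real deployment would load a breach corpus
# and a full dictionary; these entries are illustrative only.
BREACHED = {"123456", "12345678", "password1", "qwerty123", "letmein2016"}
DICTIONARY = {"sunshine", "baseball", "elephant"}

MIN_LENGTH = 8  # assumption: the article does not state a minimum length


def normalize(text: str) -> str:
    """Fold case and Unicode compatibility forms before any comparison."""
    return unicodedata.normalize("NFKC", text).casefold()


def context_words(service_name: str, username: str = "") -> set[str]:
    """Obvious words tied to this account: the service name and the username."""
    words = set()
    for value in (service_name, username):
        for part in normalize(value).replace("@", " ").replace(".", " ").split():
            if len(part) >= 4:  # skip short fragments such as 'org'
                words.add(part)
    return words


def check_password(password: str, service_name: str, username: str = "") -> list[str]:
    """Return the reasons a password is rejected; an empty list means accepted."""
    candidate = normalize(password)
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too_short")
    if candidate in BREACHED:
        reasons.append("breached")
    if candidate in DICTIONARY:
        reasons.append("dictionary_word")
    # Substring match, so 'ExampleBank2016' is caught as well as 'examplebank'.
    if any(word in candidate for word in context_words(service_name, username)):
        reasons.append("context_word")
    return reasons


if __name__ == "__main__":
    # Hypothetical service name and account used only for this demonstration.
    for pw in ("4815162342", "Password1", "sunshine", "ExampleBank2016", "123456"):
        print(pw, check_password(pw, "ExampleBank", "j.doe@example.org") or "accepted")
```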

The guidelines also state that users will no longer be given a password “hint” that is accessible to a third party. Therefore, passwords based on specific types of information such as your first pet or mother’s maiden name will no longer be valid.

NIST also states that biometric matching for authentication should be conducted locally on a user’s device or by a central verifier, but biometrics must be used in combination with a second authentication factor that can be cancelled.

Biometric systems used in those applications should have a tested equal error rate of 1 in 1,000 or better, with a false-match rate of 1 in 1,000 or better, according to NIST.

As previously reported, the National Institute of Standards and Technology published an analysis of invited comments for its Cybersecurity Framework.
