FIDO Alliance recommends MFA requirement in NIST guidelines

The FIDO Alliance has made recommendations for a strong authentication requirement in the National Institute of Standards and Technology’s (NIST) draft updates to its Framework for Improving Critical Infrastructure Cybersecurity guidelines.

Initially published in February 2014, the Framework excluded recommendations for multi-factor authentication (MFA) due to authentication-related issues in 2013-2014, NIST said.

These challenges included a lack of standards to promote security and interoperability as well as usability problems with the solutions available.

The FIDO Alliance has reviewed and commented on NIST’s proposed updates (PDF), and has posted its comments on the FIDO Alliance website.

The Alliance recommends that NIST clarify its language and explicitly require MFA in the next update to the Framework.

In an opinion-editorial article penned by FIDO Alliance executive director Brett McDowell, the Alliance urged NIST to introduce an “authentication” sub-category to the Framework core with the recommendation that “authentication of authorized users is protected by multiple factors.”

McDowell said that it is necessary to address MFA with this language to help government and industry combat increasing risks caused by weak authentication.

He commends NIST for making many positive identity-centric amendments in the proposed update to the Framework, but emphasizes that the Framework should factor in two essential developments since it was initially published.

The first is that the industry has addressed previous challenges associated with implementing strong authentication through public-private, multi-stakeholder collaboration with NIST and other standards organizations and policymakers worldwide.

McDowell highlights the FIDO Alliance’s own work in delivering “a comprehensive framework of open industry standards for simpler, stronger authentication, fundamentally changing the landscape and closing the gaps originally observed by the authors of Framework.”

He said these open industry standards “improve online authentication by leveraging proven public key cryptography for stronger security and privacy preserving on-device user verification for better usability.”

McDowell said the standards provide an example of how a large-scale, industry-led, multi-stakeholder initiative has responded to market challenges and changed the landscape in a manner that NIST must consider in its Framework updates.

The second is that problems triggered by single-factor password authentication have intensified over the past three years, even though the industry has made considerable progress in addressing the “need for strong authentication standards that ensure user privacy and enable single-gesture usability innovation.”

Based on this, McDowell said that NIST should make multi-factor authentication a requirement in its next update to the Framework.

Earlier this year, the FIDO Alliance released a white paper in support of the U.S. Commission on Enhancing National Cybersecurity’s recommendations for all agencies to use strong authentication across all government systems.
