FB pixel

US Govt steps up authentication security efforts with new report, Aware biometrics

Beyond Identity achieves FIDO2 certification
Categories Access Control  |  Biometrics News
US Govt steps up authentication security efforts with new report, Aware biometrics
 

The U.S. Department of the Interior (DOI) has published a new report suggesting that its management practices and password complexity requirements are insufficient to prevent potential unauthorized access to systems and data.

“In the current cyber threat environment, strong authentication methods and robust account and password management practices are necessary to help protect computer systems from unauthorized access,” reads the document.

“Overreliance on passwords to restrict system access to authorized personnel can have catastrophic consequences.”

The DOI research also highlights the benefits of multi-factor authentication (MFA), particularly those using biometrics as a second factor.

“The Department, however, did not fully implement MFA requirements that have been in place for more than 15 years,” warned the DOI.

“In addition, when we asked the Department to provide a detailed status of MFA across the agency, it told us that information did not exist. This failure to prioritize a fundamental security control led to continued use of single-factor authentication.”

Additionally, the report concluded that the Department’s management practices and password complexity requirements were not sufficient to protect against potential unauthorized access.

“We cracked passwords for 21 percent of all active accounts across the Department because its complexity requirements allowed users to make weak passwords.”

The DOI report suggests eight recommendations to increase password security within the Department.

These include using department-approved MFA methods, revising password complexity and account management policies, and implementing controls to monitor, limit, or prevent commonly used or compromised passwords per NIST guidelines.

Agencies expand use of Aware biometrics

In line with its plan to increase security levels at a governmental level, several U.S. federal government agencies have enlisted or expanded their use of Aware’s biometrics.

According to a company announcement, Aware’s solutions are now being used across all three branches of the U.S. federal government (legislative, executive and judicial) and 12 out of 15 executive departments within the executive branch.

“Used alone or in combination with other forms of authentication, biometrics provide a higher degree of security and certainty than other approaches,” explains Aware Chief Revenue Officer Craig Herman.

The new deployments include an executive department using an Aware solution to verify the identity of users requiring a new PIN on their smart card used for access to physical and digital systems and a judicial branch agency deploying Aware’s web-based biometric enrollment and data management technology for use in nationwide background checks.

“Given the mission-critical and highly sensitive nature of their work, federal agencies demand the gold standard in authentication technologies,” Herman adds.

“The significant federal market traction we’ve experienced throughout Aware’s history and continuing in 2022 validates the trust these agencies place in us to power their modern systems.”

Aware recently received SOC (System and Organization Control) 2 Type I compliance for its cloud-based adaptive authentication platform.

Beyond Identity is now FIDO2 certified

Another company has received certification to improve authentication security by eliminating passwords, meanwhile. Beyond Identity is now FIDO2 certified, months after the U.S. Government officially recommended the passwordless standard.

“We’re excited to achieve FIDO2 certification because eliminating passwords removes the largest source of ransomware attacks and fraud from account takeovers, but it is only step one on the way to complete security,” comments Beyond Identity CTO Jasson Casey.

“Harnessing the power of FIDO in our platform enables us to make passkeys universally available, simplifying the deployment of phishing-resistant MFA for CISOs and their teams.”

Beyond Identity has also recently hired Pia McSharry as vice president of global sales engineering and Susanne Gurman as VP of revenue marketing to bring its solutions to new markets.

Article Topics

 |   |   |   |   |   |   |   | 

Latest Biometrics News

 

TSA wants to delay full enforcement of REAL ID another two years

The US Transportation Security Administration (TSA) has proposed to delay full enforcement of REAL ID for Americans until 2027, but…

 

DEA to make award for biometric-enabled polygraph

The U.S. Drug Enforcement Administration (DEA) announced it intends to negotiate and issue a sole-source firm fixed price award to…

 

Low birth registration, high cost hinder access to legal ID in Sub Saharan Africa

While the need for legal and digital ID remains ever pressing as a result of the digital transformation wind blowing…

 

Biometric authentication invaluable, set to further enhance security in Africa

A webinar held during the Digital ID Hackathon for Africa organized by Upanzi Network and Microsave Consulting in partnership with…

 

Saudi Arabia’s Absher boosts digital ID delivery, financial inclusion

The Absher platform in the Kingdom of Saudi Arabia has emerged as the core pillar of the country’s efforts towards…

 

Malawi begins biometric voter registration pilot to test new system

A trial voter registration process will begin in Malawi tomorrow September 13 to put the country’s new Electoral Management Device…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events