US Govt steps up authentication security efforts with new report, Aware biometrics
The U.S. Department of the Interior (DOI) has published a new report suggesting that its management practices and password complexity requirements are insufficient to prevent potential unauthorized access to systems and data.
“In the current cyber threat environment, strong authentication methods and robust account and password management practices are necessary to help protect computer systems from unauthorized access,” reads the document.
“Overreliance on passwords to restrict system access to authorized personnel can have catastrophic consequences.”
The DOI research also highlights the benefits of multi-factor authentication (MFA), particularly those using biometrics as a second factor.
“The Department, however, did not fully implement MFA requirements that have been in place for more than 15 years,” warned the DOI.
“In addition, when we asked the Department to provide a detailed status of MFA across the agency, it told us that information did not exist. This failure to prioritize a fundamental security control led to continued use of single-factor authentication.”
Additionally, the report concluded that the Department’s management practices and password complexity requirements were not sufficient to protect against potential unauthorized access.
“We cracked passwords for 21 percent of all active accounts across the Department because its complexity requirements allowed users to make weak passwords.”
The DOI report suggests eight recommendations to increase password security within the Department.
These include using department-approved MFA methods, revising password complexity and account management policies, and implementing controls to monitor, limit, or prevent commonly used or compromised passwords per NIST guidelines.
Agencies expand use of Aware biometrics
In line with its plan to increase security levels at a governmental level, several U.S. federal government agencies have enlisted or expanded their use of Aware’s biometrics.
According to a company announcement, Aware’s solutions are now being used across all three branches of the U.S. federal government (legislative, executive and judicial) and 12 out of 15 executive departments within the executive branch.
“Used alone or in combination with other forms of authentication, biometrics provide a higher degree of security and certainty than other approaches,” explains Aware Chief Revenue Officer Craig Herman.
The new deployments include an executive department using an Aware solution to verify the identity of users requiring a new PIN on their smart card used for access to physical and digital systems and a judicial branch agency deploying Aware’s web-based biometric enrollment and data management technology for use in nationwide background checks.
“Given the mission-critical and highly sensitive nature of their work, federal agencies demand the gold standard in authentication technologies,” Herman adds.
“The significant federal market traction we’ve experienced throughout Aware’s history and continuing in 2022 validates the trust these agencies place in us to power their modern systems.”
Aware recently received SOC (System and Organization Control) 2 Type I compliance for its cloud-based adaptive authentication platform.
Beyond Identity is now FIDO2 certified
Another company has received certification to improve authentication security by eliminating passwords, meanwhile. Beyond Identity is now FIDO2 certified, months after the U.S. Government officially recommended the passwordless standard.
“We’re excited to achieve FIDO2 certification because eliminating passwords removes the largest source of ransomware attacks and fraud from account takeovers, but it is only step one on the way to complete security,” comments Beyond Identity CTO Jasson Casey.
“Harnessing the power of FIDO in our platform enables us to make passkeys universally available, simplifying the deployment of phishing-resistant MFA for CISOs and their teams.”
Beyond Identity has also recently hired Pia McSharry as vice president of global sales engineering and Susanne Gurman as VP of revenue marketing to bring its solutions to new markets.