
US cyber safety board wants feds more involved in eliminating passwords


A U.S. cybersecurity agency has issued a full-throated endorsement of private (namely the FIDO Alliance) and government standards-making to end the use of passwords once and for all.

It is calling for a significant change in how government has interacted with the data industry since at least the birth of the public internet.

Members of the Cyber Safety Review Board have published a far-reaching report calling for, among other things, national rules to safeguard identity. They are calling for a “secure authentication roadmap.”

A lack of universally adopted standards is a situation that the U.S. government and businesses can no longer tolerate. The review board is a body with the Cybersecurity & Infrastructure Security Agency.

The board writes that the “roadmap should include standards and frameworks, guidance, tools, and technology specific to organizations’ needs and circumstances that account for size, industry, threat profile, as well as privacy and civil liberties considerations.”

While the federal government creates or adopts all kinds of standards for industry – for drinkable water, for instance – it has largely left the information technology industry to compete its way to effective digital identity standards. That’s especially true with foundational matters requiring coordination.

It’s doubtful the executive, legislative or even judicial branches will go along with the proposed activist role in an age when state and local governments are buffeted by fractious electorates who do not even agree on the danger of Covid.

That probably leaves CISA officials doing what they can to support the FIDO Alliance and like organizations.

The review board calls for application developers to make consumer devices FIDO2 compliant with hardware-backed components by default, for example.

Another guideline mentioned, this one aimed at reducing social engineering, is to require an explicit authentication process using FIDO2-compliant tokens or other phishing-resistant multi-factor authentication methods.
