FB pixel

US cyber safety board wants feds more involved in eliminating passwords

US cyber safety board wants feds more involved in eliminating passwords
 

A U.S. cybersecurity agency has issued a full-throated endorsement of private – namely FIDO Alliance — and government standards-making to end the use of passwords once and for all.

It is calling for a significant change in how government has interacted with the data industry since at least the birth of the public internet.

Members of the Cyber Safety Review Board have published a far-reaching report calling for, among other things, national rules to safeguard identity. They are calling for a “secure authentication roadmap.”

A lack of universally adopted standards is a situation that U.S. government and businesses can no longer tolerate. The review board is a body with the Cybersecurity & Infrastructure Security Agency.

The board writes that the “roadmap should include standards and frameworks, guidance, tools, and technology specific to organizations’ needs and circumstances that account for size, industry, threat profile, as well as privacy and civil liberties considerations.”

While the federal government creates or adopts all kinds of standards for industry – for drinkable water, for instance – it has largely left the information technology industry to compete its way to effective digital identity standards. That’s especially true with foundational matters requiring coordination.

It’s doubtful the executive, legislative or even judicial branches will go along with the proposed activist role in an age when state and local governments are buffeted by fractious electorates who do not even agree on the danger of Covid.

That probably leaves CISA officials doing what they can to support the FIDO Alliance and like organizations.

The review board calls for application developers to make consumer devices FIDO2 compliant with hardware-backed components by default, for example.

Another guideline mentioned, this one aimed at reducing social engineering, is to make it a requirement to create an explicit authentication process using FIDO2-compliant tokens or other phishing-resistant multi-factor authentication methods.

Article Topics

 |   |   |   | 

Latest Biometrics News

 

IntelliVision censured for misleading biometric accuracy and bias claims by FTC

The U.S. Federal Trade Commission has slapped IntelliVision with a consent order to halt claims about the accuracy of its…

 

DHS seeks wired interconnection for mobile devices to secure biometric data

The Department of Homeland Security (DHS) is spearheading an initiative to develop a wired interconnection cable/adapter that supports secure and…

 

BixeLab offers guidance on engaging APAC digital ID market

A series of digital identity verification frameworks, regulations and laws are taking effect across the Asia-Pacific region, presenting a sizeable…

 

Unissey first to receive Injection Attack Detection certification

Liveness detection from Unissey has become the first to achieve compliance certification under the Injection Attack Detection (IAD) program as…

 

Dominican Republic biometric passport plans advance, supplier to front costs

The Dominican Republic is preparing to launch its biometric passports with embedded electronic chips to replace the machine-readable version, with…

 

Ghana upgrades to chip-embedded passport for enhanced security

Ghana has rolled out an upgraded version of its passport which is embedded with a microprocessor chip containing the holder’s…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events