High-level US security agencies want IAM vendors busier on MFA, SSO

Veridas CEO highlights biometrics implications

Two of the United States’ top security agencies are recommending seven general best practices for digital identity and access management (IAM) developers and integrators of multi-factor authentication and single sign-on features.

The National Security Agency and the Cybersecurity and Infrastructure Security Agency (known better as the NSA and CISA) created the short list as part of a large report on major but addressable industry challenges.

The first of the seven recommendations is obvious and yet absent from most discussion about rebuffing attacks: Speak the same language.

An inexact lexicon, officials say, is interfering with MFA progress. “Clear, interoperable and standardized definitions and policies” come from standard terminology. More specifically, the agencies encourage developers and integrators to map products to NIST requirements, spotlighting SP 800-63.

Second, address a “lack of clarity” related to the security properties some MFA implementations provide.

Better phishing-resistant authenticators for more use cases are needed and needed in simpler, standardized form to accelerate their adoption. They could be inserted in operating systems, for example.

Third, move away from an overreliance on self-enrolment and single-use enrolment code flows, an accident waiting to happen, especially in the enterprise. Tools for cleaning up enrolled but idled MFA authenticators would be a good idea, according to the report.

Fourth, the industry must also address the current tradeoff between SSO complexity and functionality. What is needed is secure-by-default SSO that is easy to use.

And the industry could become active players in spotting insecure ID federation protocols and in getting more vendors focused on the issue.

Fifth, improve deployed open standards everywhere in identity. Without suggesting how, the agencies want developers and integrators to “implement broader support for the development of enterprise ID standards.”

Sixth, the industry should build an open-source repository of modules and patterns that are based on open standards and can break down integration challenges.

Last, IAM developers and integrators need to make SSO capabilities accessible to smaller organizations. They could bundle organizational SSOs in pricing plans for all customers, not just the enterprise.

“Considering these guidelines, businesses must pivot toward integrating biometric authentication, such as facial or voice recognition, into their MFA process,” says Eduardo Azanza, CEO of Veridas, in a comment emailed to Biometric Update. “Facial and voice recognition offer a multifaceted solution that addresses both security and user experience concerns. They are a convenient yet highly secure means for users to verify their identity without the need for external validation codes or passwords, which often lead to frustration among individuals.

“However, it is important for businesses to choose vendors that are in alignment with certifications such as NIST, which evaluates the quality and security of their technologies,” Azanza adds. “With the best biometric technology, businesses can significantly improve their MFA methods and overall improve their cybersecurity posture.”
