Get Email UpdatesSign up below to receive free Trusted Identities Group blog updates.
- A minor plot twist: Comment period extended for PART of SP 800-63-3
- Closing time! You don’t have to go home … but you can still comment on draft SP 800-63-3
- Build Trust and Verify: New funding opportunity to assess our state pilots!
- From public preview to public draft: SP 800-63 is open for comment!
- Making Privacy Concrete (Three Words Not Usually Found Together)
April 2017 M T W T F S S « Mar 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30
Author Archives: TIG
Let’s get this out of the way right up front: this is not an early April Fools Day prank!
Granted, government blogs aren’t the typical medium for getting emotional. But we (Paul and Mike), and the rest of our incredible team at NIST, have truly been moved by the support, encouragement, and engagement you’ve provided as we embarked simultaneously on this major update to the document and – perhaps even bigger – updating our community engagement process to achieve a better result on this document. Continue reading
Last year we issued five grants so state and local jurisdictions could use digital identity technologies to improve delivery of services.
Now, we want to evaluate how well those pilots have done: we’re issuing a new funding opportunity to quantify the benefits these solutions bring to the organization and end users, share lessons learned, and shed light on how successfully similar solutions can be adopted elsewhere, in public sector programs and services at all levels of government. With so many individuals depending on state and local government services for day-to-day activities, these entities can play a critical role in advancing digital identity for large populations. The findings, discoveries, and lessons learned from this funding opportunity will help pave the way for NIST to better inform and improve upon broader cybersecurity efforts in the future. Continue reading
Most in the IT space won’t know this, but NIST has one of the world’s best concrete engineering programs. Maybe we just have concrete on the mind since a couple of us in the office are doing house renovations, but with today’s publication of the NIST Internal Report 8062, An Introduction to Privacy Engineering and Risk Management in Federal Systems (NISTIR 8062), we are taking a page from the concrete folks’ book with a document that we believe hardens the way we treat privacy, moving us one step closer to making privacy more science than art. NISTIR 8062 introduces the concept of applying systems engineering practices to privacy and provides a new model for conducting privacy risk assessments on federal systems. Continue reading
Back in January, NIST’s Applied Cybersecurity Division hosted the “Applying Measurement Science in the Identity Ecosystem” workshop. Among the knotty issues under consideration, 220+ participants discussed the concept of measuring the strength of authentication. Continue reading
To get to the core of multi-factor authentication (MFA) and why it’s such an important security feature, we caught up with Michael Kaiser, the Executive Director of the National Cyber Security Alliance (NCSA). Mr. Kaiser graciously sat down with us for our inaugural coffee chat – a new series on the NSTIC Notes Blog. In this series, we’ll hear from various leaders in the identity community as they share unique perspectives—in their own words—on essential identity topics. See our questions and his answers, below. Continue reading
Here’s the traditional, not so secure way to log in to your bank account: enter your username and that familiar password you probably use for most of your online accounts. Then, you’re in. You can go about your business.
Not so fast! If you’re one of the 54% of consumers who, according to TeleSign, use five or fewer passwords for all of their accounts, you could create a “domino effect” that allows hackers to take down multiple accounts just by cracking one password. The good news? There’s an easy way to better protect your accounts (which contain a lot of personal information) with multi-factor authentication (MFA). Continue reading
This has gone on long enough. In 2004, Bill Gates predicted the demise of the password: “There is no doubt that over time, people are going to rely less and less on passwords. People use the same password on different systems, they write them down and they just don’t meet the challenge for anything you really want to secure.”
The first known computer password heist occurred 54 years ago and the situation is arguably worse than it was in 1962. The 2015 Verizon Data Breach Report estimated 700 million compromised records in 2014 with a $400 million estimated financial impact. According to Verizon’s Data Breach Digest, 80% of breaches involve exploitation of stolen, weak, default, or easily guessable passwords. Continue reading
Multi-factor authentication (MFA) is near and dear to our hearts at NSTIC. We understand how important it is to the security and privacy of online transactions and we get excited about any opportunity to increase the awareness of—and encourage the adoption of—MFA. This is why we jumped at the opportunity to submit a challenge about MFA for the National Day of Civic Hacking earlier this summer. Continue reading
Our friends at the National Cyber Security Alliance recently caught up with Mike Garcia, acting director of the NSTIC NPO, to jumpstart their new executive Q&A blog series! This interview will give you a glimpse into what the NSTIC NPO … Continue reading
Recently NIST joined the FIDO Alliance under its newly-created government membership class. The FIDO Alliance was formed in July of 2012 and aims to bring easy-to-use, privacy-enhancing authentication devices to the consumer mass market. FIDO-based credentials are designed to provide an … Continue reading