Tag Archives: interoperability

Questions…and buzz surrounding draft NIST Special Publication 800-63-3

Here’s the backstory: You may have noticed that we’ve been getting a wee bit of attention on the proposed deprecation of SMS as an out-of-band second authentication factor in section 5.1.3.2 of draft NIST Special Publication 800-63-3: Digital Authentication Guideline. First, we’re happy to get the attention. Sure, this is a NIST document, but the point of public comment—and our extended public preview of the draft on GitHub—is to make sure the community is a part of creating it. The more eyes the better. The team here at NIST wouldn’t quite say many commenters make lighter work—but they sure do make a better end product. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , , , , | 2 Comments

WHOA-OH! WE’RE HALFWAY THERE! Happy NSTICiversary!

It’s a little hard to believe, but today marks the 5th anniversary of the NSTIC, the strategy for achieving trusted digital identities in a private sector-led identity ecosystem. Let’s take a glimpse back in time to where we were five years ago:

It’s 2011. Most (79%) American adults use the Internet. The average user needs 10 different passwords for their daily online activity, according to a UK study, and 3 out of 4 Americans don’t use sufficiently strong passwords for their most sensitive accounts. It’s also a year of unprecedented data breaches. In fact, “2011 boasts the second-highest data loss since [Verizon] started keeping track in 2004,” with 855 incidents and 174 million compromised records. Some companies are getting more aggressive in pursuing better security; 2011 is the year Google released two-factor authentication (2FA). While companies are beginning to adopt more secure solutions, they’re still uncommon, even in services with the most sensitive data: in 2011, only 35% of non-Federal short-term care hospitals have the capability for 2FA. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , , , , , , , , , , , , | 1 Comment

New pilot opportunity: health records + federated identity = a better online experience

Say you’ve just had a procedure done at a hospital. This means new electronic medical records – but it likely also means a new account and yet another password to remember. When your healthcare team includes primary care physicians, dentists, allergists, and more, the number of accounts you have to remember can really add up. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , , , , , , | Leave a comment

A major NSTIC milestone: IDEFv1 set for October 20th public release

When the Identity Ecosystem Steering Group (IDESG) plenary convened last week in Tampa, Florida, attendees meant business. By Friday afternoon, committees had finalized the baseline requirements and supplemental guidance for v1 of the Identity Ecosystem Framework (IDEF). Now the plenary stands in recess with the IDESG on track for a major milestone: completion of the IDEFv1, set for public release on October 20th! Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , , , , , , , , , , , , | Leave a comment

BREAKING NEWS: NSTIC NPO Announces 2015 Pilot Project Funding

The NSTIC NPO has just announced a 4th round of pilot program funding in 2015 for fresh and innovative identity solutions! The Strategy calls for the private sector to lead the development of an identity ecosystem where individuals can choose … Continue reading

Posted in Uncategorized | Tagged , , , , , | 2 Comments