Tag Archives: mfa

Return of the Great Zoltan! Our 800-63 FAQs answer life’s most perplexing questions (about digital identity, anyway).

It’s been more than a month since we released Special Publication 800-63: Digital Identity Guidelines, and we have been thrilled by all the positive feedback – we are glad you like it as much as we do! But we’re also fielding a number of questions. The document included a lot of updates, so it’s only natural that we’ve heard some reoccurring questions from the community. Realizing many have the same questions, we kept track of these and compiled them in a frequently asked questions (FAQs) page. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , | Leave a comment

Citius, Altius, Fortius: Announcing 6 new pilot projects across 10 states (and D.C.!)

As the sun was setting on the thirtieth modern Olympiad in London, NIST was preparing to announce our very first set of NSTIC pilot projects. As the flame goes out in Rio, we’re setting new records. In our largest pilot announcement to date, today NIST is proud to add six new projects to our ranks and bring the total number of projects to 24. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , , , , , , , , , , , | Leave a comment

Out with the old, in with the new: making MFA the norm

It seems it’s finally multi-factor authentication’s (MFA) time in the limelight. A recent Wells Fargo commercial touts a movement beyond the password with strong authentication. Bank of America enabled passcode-free mobile login with fingerprint. The White House released the Cybersecurity National Action Plan (CNAP), expanding upon Executive Order 13681, with a focus on securing accounts with MFA. Betty White’s on board, too. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , , | Leave a comment

Coffee Chat with Michael Kaiser, Executive Director, National Cyber Security Alliance

To get to the core of multi-factor authentication (MFA) and why it’s such an important security feature, we caught up with Michael Kaiser, the Executive Director of the National Cyber Security Alliance (NCSA). Mr. Kaiser graciously sat down with us for our inaugural coffee chat – a new series on the NSTIC Notes Blog. In this series, we’ll hear from various leaders in the identity community as they share unique perspectives—in their own words—on essential identity topics. See our questions and his answers, below. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , | Leave a comment

Back to Basics: What’s multi-factor authentication – and why should I care?

Here’s the traditional, not so secure way to log in to your bank account: enter your username and that familiar password you probably use for most of your online accounts. Then, you’re in. You can go about your business.

Not so fast! If you’re one of the 54% of consumers who, according to TeleSign, use five or fewer passwords for all of their accounts, you could create a “domino effect” that allows hackers to take down multiple accounts just by cracking one password. The good news? There’s an easy way to better protect your accounts (which contain a lot of personal information) with multi-factor authentication (MFA). Continue reading

Posted in Uncategorized | Tagged , , , , , , , | 1 Comment

WHOA-OH! WE’RE HALFWAY THERE! Happy NSTICiversary!

It’s a little hard to believe, but today marks the 5th anniversary of the NSTIC, the strategy for achieving trusted digital identities in a private sector-led identity ecosystem. Let’s take a glimpse back in time to where we were five years ago:

It’s 2011. Most (79%) American adults use the Internet. The average user needs 10 different passwords for their daily online activity, according to a UK study, and 3 out of 4 Americans don’t use sufficiently strong passwords for their most sensitive accounts. It’s also a year of unprecedented data breaches. In fact, “2011 boasts the second-highest data loss since [Verizon] started keeping track in 2004,” with 855 incidents and 174 million compromised records. Some companies are getting more aggressive in pursuing better security; 2011 is the year Google released two-factor authentication (2FA). While companies are beginning to adopt more secure solutions, they’re still uncommon, even in services with the most sensitive data: in 2011, only 35% of non-Federal short-term care hospitals have the capability for 2FA. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , , , , , , , , , , , , | 1 Comment

BREAKING NEWS: 2016 state and local government pilot opportunity just announced

A recent McKinsey report found that the critical drivers of customer satisfaction with state government services are: fast, simple, and efficient processes; the availability of online options for completing interactions; and the transparency of information. Secure and convenient digital access to online state services can make a genuine difference to beneficiaries—that’s why these providers need to both deliver solutions and protect against fraud—while safeguarding personal information from malicious actors. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , , | Leave a comment

Save the Date: NSTIC identity proofing, authentication, and attributes workshop – January 2016

We’re thrilled to announce that on January 12-13, 2016, the NSTIC National Program Office, with our colleagues here in NIST’s Information Technology Lab, will hold a technical workshop called ‘Applying Measurement Science in the Identity Ecosystem.’ Participants will collaborate about ways to measure and compare the performance of key solutions in the Identity Ecosystem, specifically:
◾Strength of identity proofing, both remote and in-person;
◾Strength of authentication with a focus on biometrics; and
◾Attribute confidence to assist in effective authorization decision making. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , , , , , , , , , | 2 Comments