Tag Archives: strong authentication

Many thanks for a successful 800-63-3 public preview!

As summer has flown by, you have kept us very busy reviewing your comments on GitHub to Special Publication (SP) 800-63-3 and engaged in a dialog about how this material can be enhanced to better support the public and private sectors. The response we’ve received to SP 800-63-3 – and this new approach – has been phenomenal and inspiring. And now, we’re excited to transition from the public preview period for draft NIST SP 800-63-3: Digital Authentication Guideline to the next critical phase – the 60-day public comment period. But before we do that, I’d like to explain what we learned this summer and where we are headed next… Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , , , | 2 Comments

Questions…and buzz surrounding draft NIST Special Publication 800-63-3

Here’s the backstory: You may have noticed that we’ve been getting a wee bit of attention on the proposed deprecation of SMS as an out-of-band second authentication factor in section 5.1.3.2 of draft NIST Special Publication 800-63-3: Digital Authentication Guideline. First, we’re happy to get the attention. Sure, this is a NIST document, but the point of public comment—and our extended public preview of the draft on GitHub—is to make sure the community is a part of creating it. The more eyes the better. The team here at NIST wouldn’t quite say many commenters make lighter work—but they sure do make a better end product. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , , , , | 2 Comments

Calling all 800-63-3 comments!

Have you done your summer reading yet? We’re approaching this summer’s halfway point – which means we’re halfway through the public preview of draft NIST Special Publication 800-63-3: Digital Authentication Guideline. Don’t let the dog days of summer get you down – we still need your feedback and expert opinions! For a refresher on some of the major changes to 800-63-3 and why we’re using GitHub to solicit comments, see our announcement blog. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , | Leave a comment

Out with the old, in with the new: making MFA the norm

It seems it’s finally multi-factor authentication’s (MFA) time in the limelight. A recent Wells Fargo commercial touts a movement beyond the password with strong authentication. Bank of America enabled passcode-free mobile login with fingerprint. The White House released the Cybersecurity National Action Plan (CNAP), expanding upon Executive Order 13681, with a focus on securing accounts with MFA. Betty White’s on board, too. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , , | Leave a comment

Stepping stones: working to establish a solid foundation for measurement science in the Identity Ecosystem

The “Applying Measurement Science in the Identity Ecosystem” workshop was a huge success from NIST’s perspective; post-conference chatter leads me believe that attendees felt the same way. These two days further validated my excitement coming to work every day: we were humbled by the 220 familiar faces and new friends that showed a desire to build on the community’s progress in digital identity, along with the diversity of opinions and expertise to do just that. Between informative expert panels and intensive breakout sessions, attendees delved into measurement science in the Identity Ecosystem – brainstorming and evaluating approaches, barriers, implementation considerations, and more. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , | Leave a comment

Register now: Applying measurement science in the Identity Ecosystem workshop

Registration is now officially open for the ‘Advanced Identity Workshop: Applying Measurement Science in the Identity Ecosystem’ coming up on January 12-13, 2016, at the NIST campus in Gaithersburg, Maryland.

This two-day advanced identity workshop will bring together a diverse community of technology vendors, cybersecurity researchers, policy makers, and other experts from the public and commercial sectors to tackle three tough issues in developing measurement science in identity and access management: strength of identity proofing, both remote and in-person; strength of authentication with a focus on biometrics; and attribute confidence to assist in effective decision-making. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , , , | Leave a comment

A Retrospective Look: Advancing standards for strong identity and authentication in the Identity Ecosystem

As the NSTIC pilots develop and implement innovative identity solutions, they are confronting head-on the challenges of attempting to convince the marketplace to adopt them. We are enthusiastic about organizations that are pioneering new identity technologies, but recognize that widespread adoption of these technologies require that they be interoperable. Standards are essential here; without them, consumers and businesses have no way to easily adopt these technologies, or judge how – if at all – to trust them. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , , , , , , , , , , , , | Leave a comment