US Govt steps up authentication security efforts with new report, Aware biometrics

The U.S. Department of the Interior (DOI) has published a new report suggesting that its management practices and password complexity requirements are insufficient to prevent potential unauthorized access to systems and data.

“In the current cyber threat environment, strong authentication methods and robust account and password management practices are necessary to help protect computer systems from unauthorized access,” reads the document.

“Overreliance on passwords to restrict system access to authorized personnel can have catastrophic consequences.”

The DOI research also highlights the benefits of multi-factor authentication (MFA), particularly methods that use biometrics as a second factor.

“The Department, however, did not fully implement MFA requirements that have been in place for more than 15 years,” warned the DOI.

“In addition, when we asked the Department to provide a detailed status of MFA across the agency, it told us that information did not exist. This failure to prioritize a fundamental security control led to continued use of single-factor authentication.”

Additionally, the report concluded that the Department’s management practices and password complexity requirements were not sufficient to protect against potential unauthorized access.

“We cracked passwords for 21 percent of all active accounts across the Department because its complexity requirements allowed users to make weak passwords.”

The DOI report makes eight recommendations to increase password security within the Department.

These include using department-approved MFA methods, revising password complexity and account management policies, and implementing controls to monitor, limit, or prevent commonly used or compromised passwords per NIST guidelines.

Agencies expand use of Aware biometrics

In line with its plan to increase security levels at a governmental level, several U.S. federal government agencies have enlisted or expanded their use of Aware’s biometrics.

According to a company announcement, Aware’s solutions are now being used across all three branches of the U.S. federal government (legislative, executive and judicial) and 12 out of 15 executive departments within the executive branch.

“Used alone or in combination with other forms of authentication, biometrics provide a higher degree of security and certainty than other approaches,” explains Aware Chief Revenue Officer Craig Herman.

The new deployments include an executive department using an Aware solution to verify the identity of users requiring a new PIN on their smart card used for access to physical and digital systems and a judicial branch agency deploying Aware’s web-based biometric enrollment and data management technology for use in nationwide background checks.

“Given the mission-critical and highly sensitive nature of their work, federal agencies demand the gold standard in authentication technologies,” Herman adds.

“The significant federal market traction we’ve experienced throughout Aware’s history and continuing in 2022 validates the trust these agencies place in us to power their modern systems.”

Aware recently received SOC (System and Organization Control) 2 Type I compliance for its cloud-based adaptive authentication platform.

Beyond Identity is now FIDO2 certified

Meanwhile, another company has received certification to improve authentication security by eliminating passwords. Beyond Identity is now FIDO2 certified, months after the U.S. Government officially recommended the passwordless standard.

“We’re excited to achieve FIDO2 certification because eliminating passwords removes the largest source of ransomware attacks and fraud from account takeovers, but it is only step one on the way to complete security,” comments Beyond Identity CTO Jasson Casey.

“Harnessing the power of FIDO in our platform enables us to make passkeys universally available, simplifying the deployment of phishing-resistant MFA for CISOs and their teams.”

Beyond Identity has also recently hired Pia McSharry as vice president of global sales engineering and Susanne Gurman as VP of revenue marketing to bring its solutions to new markets.