FIDO Authentication highlighted for updated phishing-resistant authentication requirements
The FIDO Alliance endorses The U.S. Office of Management and Budget’s finalized Federal Zero Trust Strategy, supporting their efforts to implement stronger cybersecurity methods across government agencies. The Federal Zero Trust Strategy now requires agencies to use phishing-resistant multi-factor authentication (MFA) to access agency-hosted accounts, highlighting FIDO Authentication as a quality option to ensure user security. Notably, the OMB also recommends this approach in environments where the use of Personal Identity Verification (PIV) isn’t feasible.
“The Federal Zero Trust Strategy provides a robust roadmap for agencies to follow to ensure best practices in creating a zero trust environment. The FIDO Alliance commends the Office of Management and Budget for requiring phishing-resistant authentication to protect agencies as phishing attacks become significantly more sophisticated – including the increasingly common ability to bypass legacy MFA approaches such as OTPs,” said Andrew Shikiar, executive director of the FIDO Alliance. “Authentication is a critical component of any zero trust architecture. As cited by OMB, FIDO Security Keys and authenticators present a practical alternative to PIV and can provide agencies with a rapidly deployable solution to harden their defenses against hackers armed with increasingly sophisticated and persistent threat campaigns.”
WHO: The FIDO Alliance
WHAT: The OMB’s Federal Zero Trust Strategy, which aims to accelerate the migration of U.S. Government agencies towards zero trust cybersecurity principles, mandates the use of phishing-resistant authentication, such as FIDO Authentication. This serves as yet another example of the government recognizing the importance of not only MFA, but phishing-resistant MFA to secure accounts.
As the OMB initiates this paradigm shift in how Federal agencies approach cybersecurity, the broader adoption of FIDO Authentication will provide simpler and more secure authentication for agencies, especially as enterprise users continue to be the most valuable targets for phishing.
WHEN: The OMB released its final Federal Zero Trust Strategy on January 26, 2022. As detailed in the strategy, agencies are required to achieve the zero trust security goals outlined in the strategy by the end of 2024.
About the FIDO Alliance
The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO Authentication is stronger, private, and easier to use when authenticating to online services.