GAO Recommends FIDO

By Brett McDowell, Executive Director, FIDO Alliance

Thousands of people have lost millions of dollars and their personal information to tax scams, and the U.S. Government Accountability Office (GAO) is now pointing to FIDO Authentication as a way to help.

One of the most common ways that criminals collect information for tax scams is through phishing and social engineering attacks – emails and phone calls aiming to trick citizens into handing over their personal information like passwords and social security numbers. These attacks show no signs of stopping; the IRS reports “a steady onslaught of new and evolving phishing schemes as scam artists work to victimize taxpayers during filing season.”

Given the persistence of taxpayer fraud, the GAO published a public report, “Identity Theft: IRS Needs to Strengthen Taxpayer Authentication Efforts,” to determine what the IRS can do to strengthen its authentication methods while improving services to taxpayers in the future.

FIDO Authentication is one of the authentication options that the GAO recommends the IRS consider. The report states that possession-based authentication, such as solutions using FIDO standards, offers users “a convenient, added layer of security when used as a second factor for accessing websites or systems that would otherwise rely on a username and password for single-factor authentication.” In other words, allowing citizens to use a FIDO-enabled device to log in to IRS services would give them additional protection without impacting convenience.

In addition, FIDO Authentication meets the National Institute of Standards and Technology’s (NIST) new guidance for secure digital authentication at the highest level of assurance, which the GAO recommends the IRS implement as a priority.

This is not the first time that a government agency has been urged to adopt FIDO Authentication. Last year, Sen. Ron Wyden (D-Ore.) wrote a letter to the Social Security Administration (SSA) asking the agency to support FIDO Security Keys because they are “resistant to all phishing.”

FIDO Authentication is proven to work against phishing and social engineering attacks. None of Google’s 85,000+ employees have been phished since early 2017 when the company began requiring all employees to use FIDO-based Security Keys. If the IRS follows the GAO recommendations and enables users to log in with FIDO Authentication, we can expect a drastic reduction in phishing-related tax scams – saving money, time and hassle for citizens and government.

