The global COVID-19 pandemic closed offices and forced governments to rapidly move services online, if they weren’t already, to serve its citizens. Although usernames and passwords are easy to deploy and easy for citizens to use, they leave systems and users vulnerable to cyberattacks. They are especially vulnerable to phishing attacks designed to steal login credentials and compromise legacy multi-factor authentication (MFA) tools like those using one-time passwords (OTP) and push notifications. With phishing attacks on the rise, it is imperative for governments to support “phishing-resistant” MFA technology that is also accessible, efficient, and cost-effective.
Enterprises and governments around the globe are turning to modern online authentication solutions featuring FIDO specifications based on public key cryptography. Governments and industries have embraced FIDO as the preferred way to deliver high-assurance MFA to consumers. Notably, the Cybersecurity & Infrastructure Security Agency (CISA), a component of the U.S. Department of Homeland Security (DHS), refers to FIDO security keys as the gold standard of MFA1.
Several governments globally have deployed and/or supported FIDO authentication for citizens to securely conduct government transactions, including making tax payments and applying for and accessing government benefits. Governments leveraging FIDO authentication solutions have realized reduced operational costs and increased consumer satisfaction.
This white paper provides guidance for policymakers and department/agency heads seeking to learn about FIDO authentication to support or deploy FIDO for e-government services.