12月 13, 2022

White Paper: FIDO for e-Government Services

The global COVID-19 pandemic closed offices and forced governments to rapidly move services online, if they weren’t already, to serve its citizens. Although usernames and passwords are easy to deploy and easy for citizens to use, they leave systems and users vulnerable to cyberattacks. They are especially vulnerable to phishing attacks designed to steal login credentials and compromise legacy multi-factor authentication (MFA) tools like those using one-time passwords (OTP) and push notifications. With phishing attacks on the rise, it is imperative for governments to support “phishing-resistant” MFA technology that is also accessible, efficient, and cost-effective.

Enterprises and governments around the globe are turning to modern online authentication solutions featuring FIDO specifications based on public key cryptography. Governments and industries have embraced FIDO as the preferred way to deliver high-assurance MFA to consumers. Notably, the Cybersecurity & Infrastructure Security Agency (CISA), a component of the U.S. Department of Homeland Security (DHS), refers to FIDO security keys as the gold standard of MFA1

Several governments globally have deployed and/or supported FIDO authentication for citizens to securely conduct government transactions, including making tax payments and applying for and accessing government benefits. Governments leveraging FIDO authentication solutions have realized reduced operational costs and increased consumer satisfaction.

This white paper provides guidance for policymakers and department/agency heads seeking to learn about FIDO authentication to support or deploy FIDO for e-government services.

MORE Intro to FIDO

Download Authn Specs
Sign up for updates!Get news from FIDO Alliance in your inbox.

By submitting this form, you are consenting to receive communications from: FIDO Alliance, 3855 SW 153rd Drive, Beaverton, OR 97003, US, http://www.fidoalliance.org. You can revoke your consent to receive emails at any time by using the unsubscribe link found at the bottom of every email.