OUT WITH KBA; IN WITH NEW DIGITAL IDENTITY GUIDELINES FOR THE US GOVERNMENT AND BEYOND - A Debrief of the Latest GAO Report
Date: Jun. 24, 2019
Time: 11:00am ET
The newest report issued by the U.S. General Accounting Office (GAO), Federal Agencies Need to Strengthen Online Identity Verification Processes, calls for an overhaul and updated guidelines on identity proofing, highlighting the availability of data stolen in various data breaches over the years in the hands of attackers and fraudsters. Already, the National Institute of Standards and Technology (NIST) has issued guidance in 2017 that effectively prohibits agencies from using Knowledge-Based Authentication (KBA) methods for sensitive applications. Now, the GAO is going one step further, recommending that all agencies discontinue the use of KBA and highlights various alternatives for consideration. The outcome may have far-reaching implications not just for federal agencies but across the board for all private entities that conduct identity verification and authentication to provide digital products and services.