Auth0 has released a new report that sheds some light on cybersecurity practices in the government sector. The company’s first Public Sector Identity Index reflects the responses of 850 IT and business decision makers currently working for federal, state, and local government agencies in the US, the UK, New Zealand, and Australia.
The results show that the majority of those in government IT are worried about both the robustness and the utility of their current authentication solutions. In that regard, Auth0 noted that many government agencies were forced to update their digital services in response to COVID-19, as people avoided physical locations and moved to online channels for things like education and driver’s license renewals.
Unfortunately, many of those agencies did not take the time to make sure those channels are secure, and the Auth0 report suggests that many agencies are still struggling with security during the transition. Only 17 percent of the respondents were extremely confident that their authentication was secure, while only 19 percent felt that it was easy to use. To make matters worse, most citizens (86 percent) are still using a username and password as their primary authentication method, even though passwords are widely regarded as one of the most vulnerable authentication factors. As it stands, only 16 percent have adopted a passwordless authentication method like biometrics.
Nearly half (41 percent) of the government agencies are trying to develop their own in-house identity and access management solution, though many respondents (83 percent) are worried that those solutions will take too long to implement, and will be difficult for staff to manage internally when they are up and running (82 percent). The majority of respondents (73 percent) believe that protecting people’s privacy (and their personal information) should be the government’s top priority when offering digital services to the public.
Interestingly, the respondents in the US were somewhat pessimistic about their government’s ability to build trust with citizens, with 71 percent listing it as important and only 56 percent believing that the government could deliver. Digital government services are still likely to become more ubiquitous moving forward, with 75 percent of the agencies in all countries surveyed planning to expand their offerings in the next two years.
For its part, Auth0 argued that governments should look to move to a Zero Trust identity model to improve their security posture, especially as more governments start to require agencies to adopt better authentication practices. The company released its own WebAuthn Passwordless authentication solution in June, just a month after getting acquired by Okta.
January 12, 2022 – by Eric Weiss