The Trump administration should aim to eliminate password-based digital security breaches by the year 2021, according to a new report from the US Commission on Enhancing National Cybersecurity. Established by the White House in February of this year, the committee has issued this and other recommendations in its new Report on Securing and Growing the Digital Economy.
Ending password-based breaches entails, of course, ending the password to some extent, with the report emphasizing the need for alternative, “easy to use” identity solutions. To that end, it recommends the establishment of “open-source standards and specifications like those developed by the Fast IDentity Online (FIDO) Alliance,” a recommendation that FIDO executive director Brett McDowell is “thrilled to see”, as he explains in a blog post. McDowell notes that this is the second time in about a month that FIDO standards have been referenced in a government report, with the recent UK National Cyber Security Strategy having advocating for FIDO standards.
Other key recommendations in the report include leading by example in incorporating strong authentication into citizen-facing government applications; requiring government agencies to implement strong authentication mechanisms for employees and contractors; and the establishment of a national public-private initiative to improve digital authentication. With the President-elect not yet having laid out any digital security policies, there is time for his administration to take the US Commission on Enhancing National Cybersecurity’s recommendations seriously.
December 6, 2016 – by Alex Perala