GAO Urges IRS to Consider FIDO Security for Taxpayer Authentication

“…the GAO’s report highlights authentication solutions based on FIDO standards for their capacity to offer ‘a convenient, added layer of security when used as a second factor for accessing websites or systems that would otherwise rely on a username and password for single-factor authentication.'”

The FIDO Alliance has a high-profile new supporter in the government sector: The Government Accountability Office is now urging the IRS to consider FIDO-based solutions to improve its authentication of taxpayers.

The endorsement comes via a new GAO report aptly entitled, “Identity Theft: IRS Needs to Strengthen Taxpayer Authentication Efforts.” As FIDO Alliance Executive Director Brett McDowell notes in a post on the organization’s website, the GAO’s report highlights authentication solutions based on FIDO standards for their capacity to offer “a convenient, added layer of security when used as a second factor for accessing websites or systems that would otherwise rely on a username and password for single-factor authentication.”

McDowell also points out that the GAO report recommends that the IRS implement the National Institute of Standards and Technology’s guidance for high-level digital authentication security, with which FIDO’s authentication standards comply.

It’s a welcome endorsement in the public sector after some high-profile announcements of support for FIDO in the private sector, including an official endorsement from Twitter, which recently pointed to FIDO-based U2F keys as an effective tool for users to protect their accounts. And with hacking and fraud attempts being a constant concern for the IRS, it’s an endorsement that may very well be heeded.

—

(Originally posted on Mobile ID World)