Jeremy Grant: Why the US Government Embraced FIDO Standards
Push Technology and One-Time Passcodes for MFA Just Aren't Secure Enough
Attackers have caught up with legacy multifactor authentication tools that use push technology or one-time passcodes, heightening the need for phishing-resistant MFA, says identity expert Jeremy Grant.
In response, U.S. government officials from CISA Director Jen Easterly on down have championed the FIDO standard because it's a mature, open standard that's built into every operating system and browser, Grant says. The proliferation of new attack vectors and ongoing public policy challenges have prompted federal officials to embrace FIDO authentication to help prevent bad things from happening, he says (see: Microsoft Exec on Why FIDO Authentication Beats Certificates).
"You've got regulations. You've got guidance that points to legacy things. And as technology evolves, policy has to evolve with it," Grant says. "Because so many other countries will tend to follow what the U.S. government does, it really resonates around the world that FIDO standards are mature and ready to be deployed."
In this video interview with Information Security Media Group from the FIDO Alliance's Authenticate 2022 conference, Grant also discusses:
- How FIDO authentication fits into the broader zero trust paradigm;
- How the federal embrace of FIDO affects commercial customers;
- The impact of more passkey adoption among government agencies.
Grant, an ISMG contributor who leads technology business strategy at Venable, was the founding leader of the National Program Office for the National Strategy for Trusted Identities in Cyberspace and senior executive adviser for identity management at the National Institute of Standards and Technology. He led the White House's initiative to catalyze a marketplace of secure, easy-to-use, privacy-enhancing identity solutions for online services through government and private sector partnerships.