Multi-factor & Risk-based Authentication , Security Operations , Video

Jeremy Grant: Why the US Government Embraced FIDO Standards

Push Technology and One-Time Passcodes for MFA Just Aren't Secure Enough
Jeremy Grant, managing director, technology business strategy, Venable LLP

Attackers have caught up with legacy multifactor authentication tools that use push technology or one-time passcodes, heightening the need for phishing-resistant MFA, says identity expert Jeremy Grant.

See Also: OnDemand | Extended Access Management: Securing Access for All Identities, Devices and Applications

In response, U.S. government officials from CISA Director Jen Easterly on down have championed the FIDO standard since it's a mature, open standard that's built into every operating system and browser, Grant says. The proliferation of new attack vectors and ongoing public policy challenges have prompted federal officials to embrace FIDO authentication to help prevent bad things from happening, Grant says (see: Microsoft Exec on Why FIDO Authentication Beats Certificates).

"You've got regulations. You've got guidance that points to legacy things. And as technology evolves, policy has to evolve with it," Grant says. "Because so many other countries will tend to follow what the U.S. government does, it really resonates around the world that FIDO standards are mature and ready to be deployed."

In this video interview with Information Security Media Group from the FIDO Alliance's Authenticate 2022 conference, Grant also discusses:

  • How FIDO authentication fits into the broader zero trust paradigm;
  • How the federal embrace of FIDO affects commercial customers;
  • The impact of more passkey adoption among government agencies.

Grant, an ISMG contributor who leads technology business strategy at Venable, was the founding leader of the National Program Office for the National Strategy for Trusted Identities in Cyberspace and senior executive adviser for identity management at the National Institute of Standards and Technology. He led the White House's initiative to catalyze a marketplace of secure, easy-to-use, privacy-enhancing identity solutions for online services through government and private sector partnerships.

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.