NIST Provides Electronic Authentication Guidelines for Verifying User Identity

John Storts

Enforcing a policy that requires strong passwords is one way to protect your data by confirming whether a person is allowed access to network resources. But the security provided by password-based authentication only goes so far. Additional mechanisms such as challenge-response tests like CAPTCHA offer a bit more security by preventing intrusions conducted by automated software, but those can be cracked as well.


Authenticating a user's identity based on secrets adds yet another layer of security to these methods.


You've probably encountered secrets-based electronic authentication when banking online, for example. Just recently, my bank revamped how it verifies my identity when I log in. In addition to the standard account ID and password entry fields, I must now select a representative image (similar to how CAPTCHA works) and answer three "security questions" that determine if I am who I claim to be. If a hacker were to have possession of both my account ID and my password, the inability to provide answers to these questions would prevent this malicious person from accessing my account information.


The National Institute of Standards and Technology (NIST) recently uploaded the Electronic Authentication Guidelines document to the Knowledge Network. These guidelines describe widely implemented methods for allowing remote users to access federal IT systems by way of secrets-based authentication. Similar to how my bank verifies my identity, these methods authenticate a user's identity based on secret information that only he or she knows.


Businesses and other organizations can prevent unauthorized network access by following the e-authentication recommendations provided by NIST.

