10.21.2014Enterprise Tech

Executive Order Mandates Multi-factor Authentication for U.S. Government Websites

Approximately 15 million United States residents have their identities used fraudulently each year with financial losses totaling upwards of $50 billion. In fact, close to 100 million additional Americans have their personal identifying information placed at risk of identity theft each year when records maintained in government and corporate databases are lost or stolen. - identitytheft.info

In an effort to stop identity theft, The White House announced on Friday the signing of an Executive Order to help protect online identities and secure the online transactions of U.S. citizens using government websites and applications.

The U.S. order requires the National Security Council staff, the Office of Science and Technology Policy and the Office of Management and Budget (OMB) to submit a plan to ensure that all agencies making personal data accessible to citizens through digital applications implement multiple layers of identity assurance, including:

Government agencies will have 18 months from the date of the Executive Order to comply with the plan's requirements.

How it Works

Multi-factor authentication requires users to present something they know (username and password) with something they have (digital credential on a device), or something they are (a biometric) when logging in to a website or conducting online transactions. It introduces a highly effective layer of protection to verify that people are who they say they are when they access online government services and information.

The Verizon 2014 Data Breach Investigations Report found 82 percent of crimeware incidents - a broad swath of incidents involving malware - targeted user credentials. In addition, the study found that two out of three data breaches are attributable to lost or stolen user names and passwords.

As this summer's press headlines revealed, it is estimated that hundreds of millions usernames and passwords have been stolen across thousands of websites.

The good news is that multi-factor authentication essentially renders stolen credentials useless, while providing a much higher level of protection for users day in and day out.

Verizon is one of three companies and the only large-scale managed security services provider to earn a Level 3 certification from Federal Identity, Credential and Access Management (FICAM), demonstrating our ability to implement strict NIST Level 3 standards.

Visit Verizon Enterprise Solutions to learn more about Verizon's work in the Internet-identity ecosystem and its multi-factor authentication services.