
Electronic Authentication

[Posted April 9, 2015 -- NIST Solicits Comments on its Electronic Authentication Guideline]

Electronic Authentication is the process of establishing confidence in user identities that are presented in online environments. Application developers are often faced with a choice of mechanisms based on a wide variety of technologies to perform local or remote authentication. Multifactor authentication (MFA) adds a layer of security by using multiple forms of electronic authentication (eAuth) mechanisms during a transaction.

Electronic Authentication and NSTIC
The National Strategy for Trusted Identities in Cyberspace (NSTIC) is a White House initiative developed to catalyze the marketplace for secure credentials—so we can choose from a variety of credentials to use for online transactions that are more secure, convenient, and privacy-enhancing than passwords. NSTIC has a broad charge: the creation of an Identity Ecosystem, “an online environment where individuals and organizations will be able to trust each other because they follow agreed upon standards to obtain and authenticate their digital identities.” For more information, please see http://www.nist.gov/nstic/.

Special Publication 800-63-2, Electronic Authentication Guideline
NIST Special Publication (SP) 800-63 was released in 2006 to complement OMB Memorandum M-04-04. M-04-04 specifies four levels of assurance (LOA) that agencies must select from based on a detailed risk assessment of the potential harm that may come as a result of authentication failure. 800-63 specifically provides the technical and procedural requirements that agencies can implement to meet the LOA requirements of online services.

A More Secure Future of Online Transactions
A recent White House Executive Order (October, 2014), Improving the Security of Consumer Financial Transactions, calls for “all agencies making personal data accessible to citizens through digital applications” to “require the use of multiple factors of authentication and an effective identity proofing process.” Working toward this Executive Order will ultimately enable citizens to better engage with federal agencies and will increase the security, privacy, and convenience of online transactions.