by Sean McGinnis
The National Institute of Standards and Technology (NIST) released the Second Public Draft of Special Publication 800-63, Revision 4 (SP 800-63 Rev 4), Digital Identity Guidelines, in August 2024. It’s a major milestone in the evolution of digital identity standards, focusing on enhancing security and user experience through the use of emerging technologies like passkeys. It also underscores the need for sturdier, more dynamic authentication mechanisms to protect users while simplifying access to online services.
Traditional password-based systems are often cumbersome, leading to weak password choices and password reuse. Passkeys, by contrast, offer a more user-friendly approach that enhances security and minimizes the risks associated with password breaches. This shift toward “passwordless” authentication reflects a broader movement supported by major technology players including Apple, Google, and Microsoft.
Passkeys rely on device-based authentication and public key cryptography to make it harder for threat actors to exploit vulnerabilities. Beyond eliminating passwords, passkeys can be stored securely on the user's device; linked to biometric data like fingerprint or facial recognition, or other authentication methods (e.g., a PIN); and synced across devices via secure cloud services, ensuring cross-device functionality.
SP 800-63 is a major step forward in addressing the dual challenges of usability and security in digital identity management. Notably, it also recognizes the need to maintain accessibility for individuals who may not have access to the latest devices or technologies. By retaining traditional identity verification methods, such as in-person identity proofing, NIST demonstrates its commitment to fair access, ensuring that users who face technology barriers can participate in the evolving digital landscape.
REFERENCES
National Institute of Standards and Technology | NIST SP 800-63 Digital Identity Guidelines
https://pages.nist.gov/800-63-4/