NIST published the new draft of NIST SP800-63-4 Digital Identity Guidelines on August 21. The public consultation runs until October 7. The main points are as follows:
Overview of NIST’s Digital Identity Guidelines Update
- NIST has updated its draft digital identity guidance to enhance security and accessibility.
- The update reflects feedback from various stakeholders, including private industry and advocacy groups.
- The guidelines aim to balance anti-fraud measures with equitable access to digital services.
Key Features of the Updated Guidelines
- The draft includes guidance on modern digital pathways, such as syncable authenticators and user-controlled wallets.
- Syncable authenticators (passkeys) provide enhanced security compared to traditional passwords.
- User-controlled wallets can store various digital credentials, including identification documents.
Accessibility and Traditional Identification Methods
- The guidelines ensure that individuals without smartphones or digital credentials can still access services.
- Expanded guidance includes in-person identity proofing and handling exceptions for those lacking traditional identification.
- The concept of “applicant reference” allows trusted individuals to vouch for those without identification.
Biometric Identification and Privacy Considerations
- The updated guidance maintains the use of biometrics for identity verification, emphasizing accuracy and privacy.
- Alternatives to biometric methods are encouraged, especially for public service systems.
- NIST aims to ensure that biometric systems include manual processes to address potential errors.