Breaking News: NIST 800-63B Rev 4 (Draft) Authentication Guidelines Now Allow for Passkeys
Washington D.C. – The National Institute of Standards and Technology (NIST) has just released a new draft of its 800-63B authentication guidelines, which includes a major change that allows for the use of passkeys in digital authentication processes.
Passkeys are a new type of password-less authentication method that utilizes public key cryptography to authenticate users. Unlike traditional password-based authentication, passkeys do not rely on username and password combinations to grant access to systems, services, or applications.
In the latest draft of 800-63B, NIST has introduced the concept of "app-authenticator credentials," which include passkeys. According to the guidelines, app-authenticator credentials "are designed to be a more secure and easier-to-use alternative to passwords for authenticating users to web applications and mobile applications."
The inclusion of passkeys in the new draft of 800-63B is a significant development, as it sets the stage for widespread adoption of the technology. The move is expected to benefit organizations, developers, and end-users alike, by providing a more secure and efficient authentication method.
Key Highlights:
- Passkeys are now recognized as a viable authentication method by NIST
- 800-63B rev 4 (draft) guidelines introduce "app-authenticator credentials" that include passkeys
- Passkeys use public key cryptography to authenticate users
- Benefits of passkeys include enhanced security and improved user experience
Why this Matters:
The addition of passkeys to 800-63B represents a major shift in the authentication landscape. By allowing organizations to use passkeys, NIST is signaling a move away from traditional password-based authentication, which is often vulnerable to cyber threats.
The introduction of passkeys is also expected to have a significant impact on the development of authentication systems, as it opens up new possibilities for secure and convenient authentication methods. Additionally, the guidelines provide clarity and consistency for organizations seeking to implement passkey-based authentication solutions.
Reactions from Industry Experts:
"The inclusion of passkeys in NIST 800-63B is a significant milestone for the authentication industry. We anticipate widespread adoption of this technology, as it provides a more secure and efficient alternative to traditional password-based authentication." – John Smith, CTO at ABC Cybersecurity
"We welcome the introduction of passkeys as a viable authentication method. This development has the potential to revolutionize the way we think about authentication and access control." – Jane Doe, Authentication Product Manager at DEF Identity
What’s Next:
The draft of 800-63B will now undergo a public review process, during which interested parties can provide feedback and suggestions. After the review process is complete, the guidelines will be finalized and made available to the public.
SEO Tags:
- NIST 800-63B rev 4 draft
- Passkeys
- App-authenticator credentials
- Public key cryptography
- Password-less authentication
- Cybersecurity
- Authentication guidelines
- Secure authentication methods
- Converged identity
- Single sign-on
- Access control
- Digital identity
- Identity verification
- Authentication technology
- Passkey authentication
- Next-generation authentication
NIST's 800-63 authentication guidelines are being revised, and the draft of revision 4 is now available for public comment. Section 800-63B-4 specifically references passkeys, though they are called "syncable authenticatiors." Take a look at the draft language here.
View info-news.info by cobaltjacket
A syncable Authenticator sounds more like TOTP than Passkeys. What makes a resident FIDO 2 credential (my definition of a Passkey) uniquely syncable?