The National Institute of Standards and Technology has proposed significant changes to Special Publication 800-63, which will guide agencies and others in how individuals are authenticated to digital services.

Some of the changes include:

• Eliminates level two
• Deprecates over the air one-time passcodes
• Defines acceptable use of knowledge-based verification
• Specifies acceptable password policies
• Ends visual-only document inspection for identity proofing at higher levels

The revision are still being digested by identity exerts but it’s time to gets some first blush reactions to the new document. SecureIDNews.com and Re:ID will host a Tweet chat on Monday, May 16 from 1 pm ET to 1:30 pm ET to discuss the revisions. Use #SP80063 to make sure the answers and discussions show up in the Tweet chat as well.

To kick off the discussion we’ll start with the following questions:

• What’s the biggest revision to 800-63 and why?
• What do you think about the changes in levels?
• Is deprecating over the air OTPs the right thing to do?
• Is there anything that stands out as significant in the vetting changes?
• The draft calls for enabling server-side storage and matching of biometrics. Can this be done securely?
• What will be the most hotly debated change?

We’re open to other questions too. Tweet us @Avisian with additional or changes to the questions above.

---

Related articles:

NIST undertaking ‘significant update’ to digital authentication guidelines IRS breach tweet chat discusses KBA, possible solutions End of life for fed’s four levels of assurance?